Your message dated Thu, 17 Dec 2015 05:24:48 +0000 with message-id <e1a9r3y-0004j2...@franck.debian.org> and subject line Bug#808081: fixed in bind9 1:9.9.5.dfsg-12.1 has caused the Debian Bug report #808081, regarding bind9: CVE-2015-8000: Responses with a malformed class attribute can trigger an assertion failure in db.c to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 808081: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808081 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: bind9 Version: 1:9.7.3.dfsg-1 Severity: grave Tags: security upstream fixed-upstream Hi, the following vulnerability was published for bind9. CVE-2015-8000[0]: Responses with a malformed class attribute can trigger an assertion failure in db.c If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-8000 [1] https://kb.isc.org/article/AA-01317 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: bind9 Source-Version: 1:9.9.5.dfsg-12.1 We believe that the bug you reported is fixed in the latest version of bind9, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 808...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated bind9 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 16 Dec 2015 15:01:39 +0100 Source: bind9 Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-90 libdns100 libisc95 liblwres90 libisccc90 libisccfg90 dnsutils lwresd libbind-export-dev libdns-export100 libdns-export100-udeb libisc-export95 libisc-export95-udeb libisccfg-export90 libisccfg-export90-udeb libirs-export91 libirs-export91-udeb Architecture: source Version: 1:9.9.5.dfsg-12.1 Distribution: unstable Urgency: high Maintainer: LaMont Jones <lam...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 808081 Description: bind9 - Internet Domain Name Server bind9-doc - Documentation for BIND bind9-host - Version of 'host' bundled with BIND 9.X bind9utils - Utilities for BIND dnsutils - Clients provided with BIND host - Transitional package libbind-dev - Static Libraries and Headers used by BIND libbind-export-dev - Development files for the exported BIND libraries libbind9-90 - BIND9 Shared Library used by BIND libdns-export100 - Exported DNS Shared Library libdns-export100-udeb - Exported DNS library for debian-installer (udeb) libdns100 - DNS Shared Library used by BIND libirs-export91 - Exported IRS Shared Library libirs-export91-udeb - Exported IRS library for debian-installer (udeb) libisc-export95 - Exported ISC Shared Library libisc-export95-udeb - Exported ISC library for debian-installer (udeb) libisc95 - ISC Shared Library used by BIND libisccc90 - Command Channel Library used by BIND libisccfg-export90 - Exported ISC CFG Shared Library libisccfg-export90-udeb - Exported ISC CFG library for debian-installer (udeb) libisccfg90 - Config File Handling Library used by BIND liblwres90 - Lightweight Resolver Library used by BIND lwresd - Lightweight Resolver Daemon Changes: bind9 (1:9.9.5.dfsg-12.1) unstable; urgency=high . * Non-maintainer upload. * Add patch to fix CVE-2015-8000. CVE-2015-8000: Insufficient testing when parsing a message allowed records with an incorrect class to be accepted, triggering a REQUIRE failure when those records were subsequently cached. (Closes: #808081) Checksums-Sha1: 6b4d55f0d3731a2d05b0726a7474e91286202410 3431 bind9_9.9.5.dfsg-12.1.dsc c2274b3e800e5dfd397aa3500515c987bdf9e744 112989 bind9_9.9.5.dfsg-12.1.diff.gz Checksums-Sha256: 05d6eb748625c6c7840b69a7b836d9ede860a9b256a0d1e7b257f41347afd789 3431 bind9_9.9.5.dfsg-12.1.dsc 82121a405f40a300f5048e1e3f7f2c8b4595c3dca4ac515663a7a632f6d4d4c4 112989 bind9_9.9.5.dfsg-12.1.diff.gz Files: 3b7a047b4b3af715c92172e2a199d528 3431 net optional bind9_9.9.5.dfsg-12.1.dsc 9ec11bad616f55198dfcd999b75624a9 112989 net optional bind9_9.9.5.dfsg-12.1.diff.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWcjbpAAoJEAVMuPMTQ89EYJQQAIXWIztrhjMzcLbmy3EcSG2V DeyZz/wRDucDCqqza59javS4SjTVPd84bcNLeel8KKhUdqdmTfSYCAN29TkxUw/I pe1hTTeIydxJzJIZglRpTZZ7bzElnCenklH42Nz11IpiIscWVCKaS5+/QbjMcU0d tXEUuCoGkfuEnD4tyNJ1435J50igsyhmpZ3bIbzTPvWZ7ipcsUZr0Lp1kA9ISSkm y3vSdGRcNP1h7ahXu93Am+lqanwYc0mCZjUD23q+JQ3yNXhDTE6fiOhxoRfoyeyd BVqFXpwc/rVEfWhKVxHW2D0Km/7YLNM8welgKhSrIX5SmnoH4hQDBPN8gnNNis1j XRgEiH/0z3w+9xbsTarJfeQNnTOVU9P84pg3w3/GgUhyJDkCvOoaix/Q35LOrWPX 6u0t99et8kbxVMcXn5qfKAphbt2dOLClf/1uxfJ86sgYdCrEkq5MqesA3sOWjTU4 soT1j6daRXF3uyP9ZkPAJx4OGUjSf4ABIk0bQMAZmpfotrzp7S1OaQ/ZXAf/s0hK N62KcWnTps1NrcyAsT+koUIOub2GASA2wv8ChqfMh/AVBKJ5e2BfnWs8HSB1yRoA f6V2kBk32qbRBhp/hX4Gkk5KdJx2s6evBIh/Vr73PuLoDWXLWmsPNqS/2F48ckU3 zBPhnIQsH5iPU1Qy1zU/ =oSzV -----END PGP SIGNATURE-----
--- End Message ---
