Your message dated Sat, 15 Jul 2017 20:47:53 +0000 with message-id <e1dwtyj-000hnv...@fasolo.debian.org> and subject line Bug#865678: fixed in knot 1.6.0-1+deb8u1 has caused the Debian Bug report #865678, regarding knot: CVE-2017-11104: Improper TSIG validity period check can allow TSIG forgery to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 865678: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865678 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: knot Version: 2.4.3-1 Severity: grave Tags: security upstream patch Control: found -1 2.5.1-1 Hi See https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html and http://www.synacktiv.ninja/ressources/Knot_DNS_TSIG_Signature_Forgery.pdf and filling a bug in BTS to have a reference, afaik there is no CVE yet assigned. [16:19] < KGB-1> Yves-Alexis Perez 52846 /data/CVE/list add temporary entry for knot [16:21] < Corsac> ondrej: I guess you know about it? Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: knot Source-Version: 1.6.0-1+deb8u1 We believe that the bug you reported is fixed in the latest version of knot, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 865...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yves-Alexis Perez <cor...@debian.org> (supplier of updated knot package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 14 Jul 2017 14:11:36 +0200 Source: knot Binary: knot knot-libs knot-dbg knot-dnsutils knot-host knot-doc Architecture: source amd64 all Version: 1.6.0-1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Ondřej Surý <ond...@debian.org> Changed-By: Yves-Alexis Perez <cor...@debian.org> Description: knot - authoritative domain name server knot-dbg - Debug symbols for Knot DNS knot-dnsutils - Clients provided with Knot DNS (kdig, knslookup, knsupdate) knot-doc - Documentation for Knot DNS knot-host - Version of 'host' bundled with Knot DNS knot-libs - authoritative domain name server Closes: 865678 Changes: knot (1.6.0-1+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * debian/patches: - 0001-tsig-move-signature-validity-period-check-after-the- added, fix TSIG signature validation bypass (CVE-2017-11104) closes: #865678 Checksums-Sha1: c98698e4096f9d7f98cc0923c1c5b152fd3e4016 2018 knot_1.6.0-1+deb8u1.dsc 7c005d549bf8946743b8e02a1369a94b92ba1629 781192 knot_1.6.0.orig.tar.xz e35bed027d7d6023d35fac7498ba796a1775b285 17744 knot_1.6.0-1+deb8u1.debian.tar.xz 3d7babb3008aa1ded4b20c8a55cdab242d7a7517 203532 knot_1.6.0-1+deb8u1_amd64.deb 8a421826543ccbcbf1daf4c51d97afdc64b7c929 168174 knot-libs_1.6.0-1+deb8u1_amd64.deb 330f721d0d83dcb741b816ae75ea2606b2cee2e9 1773014 knot-dbg_1.6.0-1+deb8u1_amd64.deb 5e915b33be3ce5bb3d10ca7d880e6c5ad51f3c64 66904 knot-dnsutils_1.6.0-1+deb8u1_amd64.deb 5f936812663b3879ed61e554b73ef1759ff71520 49744 knot-host_1.6.0-1+deb8u1_amd64.deb ea7d8cdcf0959fdef08cb29841b64806bde10064 448320 knot-doc_1.6.0-1+deb8u1_all.deb Checksums-Sha256: e8c6babce53b8d885e63f276e14ac1051147f8094c8a68aa970dba729b3933a8 2018 knot_1.6.0-1+deb8u1.dsc 38d6c19c70f0640bc9331afd1bee61196c647f138f4d36bdea7d0e1b49514f46 781192 knot_1.6.0.orig.tar.xz 169dfa98ce408d00add4b93c73246443834c730f0910f9147bf275ab3a8d92e1 17744 knot_1.6.0-1+deb8u1.debian.tar.xz e5c84db19c7afd7e50976aad47ddce74c82b9ad906841845f3fbf6b31c727157 203532 knot_1.6.0-1+deb8u1_amd64.deb 0af985056c7b098fe1da0cc31a4af440b5c50081043714d8845a6e638961e8c7 168174 knot-libs_1.6.0-1+deb8u1_amd64.deb a1f813a61d568043607bd0c3e794632531ab429e53ada987c9a35765ffd9a6da 1773014 knot-dbg_1.6.0-1+deb8u1_amd64.deb 972128fcc7c15bd89df7ee9b7f44a9a7d4299281a0dfafbeebb5ad869fb26d27 66904 knot-dnsutils_1.6.0-1+deb8u1_amd64.deb 28c8f87375d5d12d27e5084597e4d1db4b81e5c8f199795ff4e52a6f62648a46 49744 knot-host_1.6.0-1+deb8u1_amd64.deb 6213e9d5304ee8b9a1587c7477c9a2033c8b8e122d04f2ffad0559a8213e07f3 448320 knot-doc_1.6.0-1+deb8u1_all.deb Files: 3098ea100fa17048bb377ccf3c13fbb0 2018 net optional knot_1.6.0-1+deb8u1.dsc 63cd27658e05a7cd4f950b7e0b5c723a 781192 net optional knot_1.6.0.orig.tar.xz b1a186db075c3b261580b64f82025ec6 17744 net optional knot_1.6.0-1+deb8u1.debian.tar.xz 9de68c366084b6d926204a88d774b3ea 203532 net optional knot_1.6.0-1+deb8u1_amd64.deb f024fdcac2df16026e6532c4ed07c2b8 168174 libs optional knot-libs_1.6.0-1+deb8u1_amd64.deb d516a656ec9076b369bd13da2e4f3841 1773014 debug extra knot-dbg_1.6.0-1+deb8u1_amd64.deb b3723db8a7a03c8657647a57cccb17be 66904 net optional knot-dnsutils_1.6.0-1+deb8u1_amd64.deb 3a4dd15ee90d4f345fc1e5520ab1b4fe 49744 net optional knot-host_1.6.0-1+deb8u1_amd64.deb 999da006c2abf553d6659e03a85b0436 448320 doc optional knot-doc_1.6.0-1+deb8u1_all.deb -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEl0WwInMjgf6efq/1bdtT8qZ1wKUFAlloxxAACgkQbdtT8qZ1 wKWYGwf/UK1m4wV16b7/J7gpt7BPRh0TBp6A6r75G/0am5B6j3oQgCe9gOWg3Avl FKmivd1tF8oZhc2lv6d5HS2nR39RrrTcjiCvd4U4kWKtQE4CB83wi112GKhfRNPC NnvD+eFml603N15vjsqrDRgpLPAPInsWUJxxPHQP9LxHKOsdAm34q52Q8iFa92PH Nur5s2LowEElSBBQnTAmMcukwQL5cCXjnB32ddCmxlAHVSzDvHk5Cp7FoccJ3xZu uKCPdNcYYS4mXiipMOuMFlLBtTpKP7dcenNwtDq/UyX5jxvUfcuxRYI231L57Sn/ 0u2TetX6uIcxjJFY+M4thj8Y2t8vTA== =fcDC -----END PGP SIGNATURE-----
--- End Message ---
