Your message dated Sat, 15 Jul 2017 21:47:22 +0000 with message-id <e1dwuui-0009yi...@fasolo.debian.org> and subject line Bug#865678: fixed in knot 2.4.0-3+deb9u1 has caused the Debian Bug report #865678, regarding knot: CVE-2017-11104: Improper TSIG validity period check can allow TSIG forgery to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 865678: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865678 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: knot Version: 2.4.3-1 Severity: grave Tags: security upstream patch Control: found -1 2.5.1-1 Hi See https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html and http://www.synacktiv.ninja/ressources/Knot_DNS_TSIG_Signature_Forgery.pdf and filling a bug in BTS to have a reference, afaik there is no CVE yet assigned. [16:19] < KGB-1> Yves-Alexis Perez 52846 /data/CVE/list add temporary entry for knot [16:21] < Corsac> ondrej: I guess you know about it? Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: knot Source-Version: 2.4.0-3+deb9u1 We believe that the bug you reported is fixed in the latest version of knot, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 865...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yves-Alexis Perez <cor...@debian.org> (supplier of updated knot package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 13 Jul 2017 21:56:05 +0200 Source: knot Binary: knot libknot5 libzscanner1 libdnssec2 libknot-dev knot-dnsutils knot-host knot-doc Architecture: source Version: 2.4.0-3+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Debian DNS Packaging <pkg-dns-de...@lists.alioth.debian.org> Changed-By: Yves-Alexis Perez <cor...@debian.org> Closes: 865678 Description: knot - Authoritative domain name server knot-dnsutils - Clients provided with Knot DNS (kdig, knslookup, knsupdate) knot-doc - Documentation for Knot DNS knot-host - Version of 'host' bundled with Knot DNS libdnssec2 - DNSSEC shared library from Knot libknot5 - Authoritative domain name server (shared library) libknot-dev - Knot DNS shared library development files libzscanner1 - DNS zone-parsing library from Knot Changes: knot (2.4.0-3+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * debian/patches: - 0001-tsig-move-signature-validity-period-check-after-the- added, fix TSIG signature validation bypass (CVE-2017-11104) closes: #865678 Checksums-Sha1: cd190e31c3b910dd139a8f60d09567a3a47193f5 2349 knot_2.4.0-3+deb9u1.dsc c1ad6007f5ecd31940f967e4370255d83869add7 1102856 knot_2.4.0.orig.tar.xz d20ac0f28e1a11cf38795b7a8692972a942ca00b 22592 knot_2.4.0-3+deb9u1.debian.tar.xz Checksums-Sha256: 72fa5a5ea38bf1131dd57065f9d5b2920104b557693ae0a066042689b421691e 2349 knot_2.4.0-3+deb9u1.dsc 0ba4d3e6951fc4d5c0e3dc88a720462690dd1d25f4bc1e7c24bb5747d3853679 1102856 knot_2.4.0.orig.tar.xz 8f023a2a91f838af742851d420ed7f5a0049e1dea2b9129b58e7ace7fc5ddfdb 22592 knot_2.4.0-3+deb9u1.debian.tar.xz Files: b58e4de0ccf430a0b878785ecd4db18a 2349 net optional knot_2.4.0-3+deb9u1.dsc 549dcc3778f12adee8d624dbc2c4de20 1102856 net optional knot_2.4.0.orig.tar.xz aa92495bdb4dbbd687e765d130cdec2a 22592 net optional knot_2.4.0-3+deb9u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEl0WwInMjgf6efq/1bdtT8qZ1wKUFAllotKkACgkQbdtT8qZ1 wKXzawf+NMh1E4IQTU0bIOlQARSzmIlT9TYWwz6Ifentl5Rrr74k9Wmr7Us8eXmM 6O5/VAJSoVW3iLC089pFnMKKNA/WR2v4ESK9BT/V4jc4I8vJd1yyzpRr9FpcV9+B dpx7wtg70SxYpUlZnZMDWqs+bgXxk3pgbliMVMgfOvaZF3Ngb+jHuD9OncJqCQrE 4afPjbhas8ZFzdD/pB4opwF2ePqhjKNRHBcUsoNr3hnh4Ek4zPw+1DQ4AAZFKRAI xwWz4f9k+XZZselDL8/FOB+ymAY3R8kLQX4IODt1SYAuBCLD8V1iAoSe/qr6myCi p88GgXgmT6diWdmV46uTX0QoXilefg== =s4Em -----END PGP SIGNATURE-----
--- End Message ---
