Your message dated Sun, 31 Mar 2019 13:18:53 +0000 with message-id <e1haamp-000bsc...@fasolo.debian.org> and subject line Bug#924966: fixed in pdns 4.1.6-2 has caused the Debian Bug report #924966, regarding pdns: CVE-2019-3871: Insufficient validation in the HTTP remote backend to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 924966: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924966 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: pdns Version: 4.1.6-1 Severity: grave Tags: security upstream Forwarded: https://github.com/PowerDNS/pdns/issues/7573 Control: found -1 4.0.3-1+deb9u3 Control: found -1 4.0.3-1 Hi, The following vulnerability was published for pdns. CVE-2019-3871[0]: Insufficient validation in the HTTP remote backend If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-3871 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3871 [1] https://www.openwall.com/lists/oss-security/2019/03/18/4 [2] https://github.com/PowerDNS/pdns/issues/7573 [3] https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html [4] https://downloads.powerdns.com/patches/2019-03/ Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: pdns Source-Version: 4.1.6-2 We believe that the bug you reported is fixed in the latest version of pdns, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 924...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Hofstaedtler <z...@debian.org> (supplier of updated pdns package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 31 Mar 2019 12:48:59 +0000 Source: pdns Architecture: source Version: 4.1.6-2 Distribution: unstable Urgency: high Maintainer: pdns packagers <p...@packages.debian.org> Changed-By: Chris Hofstaedtler <z...@debian.org> Closes: 924966 Changes: pdns (4.1.6-2) unstable; urgency=high . [ Salvatore Bonaccorso ] * Insufficient validation in the HTTP remote backend (CVE-2019-3871) (Closes: #924966) Checksums-Sha1: 00bc3fe46856aa7c67075d72a12a2a0c507d8778 3319 pdns_4.1.6-2.dsc 61d806f124b82b9b54056a90dd1fff75b3267311 44696 pdns_4.1.6-2.debian.tar.xz 76a616732181d63a11794d8aff50ede00fda0697 9428 pdns_4.1.6-2_source.buildinfo Checksums-Sha256: 02336c85b5490513aeab8597ebedb5b9ec02d3deb997acb8390d7475d59da33b 3319 pdns_4.1.6-2.dsc 609dd418defbec96767b1ac843e6fd3e9df2487b811b5e4d301b46394d2657e3 44696 pdns_4.1.6-2.debian.tar.xz 087860edc753cbc78aeda205f24a13d422756c26a618409b5dfd1090586579cb 9428 pdns_4.1.6-2_source.buildinfo Files: b9e61078cfdef9d1962b796fda8c5c48 3319 net optional pdns_4.1.6-2.dsc ba695d7f4bf638359132cf0f030349c7 44696 net optional pdns_4.1.6-2.debian.tar.xz 385aa47317ae51db20948bc5fb733f66 9428 net optional pdns_4.1.6-2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEfRrP+tnggGycTNOSXBPW25MFLgMFAlyguhUACgkQXBPW25MF LgOngg//ThMstxoOYLeSGdXG8E4H5DAFhesSA8VMNTXGFqu41c1Yp3GV0oVZRNLi ipbwN9pvDFfeTrueRsqJwqccehWgn+67eIiIkIwxJvnFIMvBC6n/5devY3T/hZpD 0bXvlMmPEOmyLkoK1vVvLMurkTsyYZhuFEYE8GxF84I+v+gDbReZnE1/H1V66G5+ b+KrGwfehgqTyFfI+XUmfX+x2Acoimhv0aGNOJ7lgUTZUNnz/Rd1w6MNrzHQgoxz QW7pV1N7mwBawiXG09p3cPi73BqqngFNEpwMi/5GVWTvF+NZ4l/3g7LtPX1QKRbo WoGoqaWrcgLsBB1vbxGlrnYIHJn8mhxxeJzSL4aG5DFn7245g1zMwTnt3P10PJD9 LJl9SXPJPKogzcLF3csevcsT3bhf68kjvPD2p0W+2QEkIF6ypyzHRENkkUPfC1wH +Bj4jDIgARvPiywjWWs3iMKHKGKey3jf9Ri2Qd1gowpMR+frTc5bn+CwvyWuJolg KG0+VXeBkDKKXNsZQa1Iw4pAUHT3Ylj2d/u9yG9qB1P2nkXkKIgbGbzlFrYxi6Y/ mxaxIAdxHht9dksGBO7TyKBIuaHF4I/d1i04JNni1objAvmqle1JcXWFGVWGOMsx kahaF+QhI3J2CXluwCpyKic/0qCRcRgzzGIn8l6Fp+9uNI3cFfc= =dMiq -----END PGP SIGNATURE-----
--- End Message ---
