Your message dated Fri, 19 Apr 2019 14:33:03 +0000 with message-id <e1hhuzb-0003qe...@fasolo.debian.org> and subject line Bug#924966: fixed in pdns 4.0.3-1+deb9u4 has caused the Debian Bug report #924966, regarding pdns: CVE-2019-3871: Insufficient validation in the HTTP remote backend to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 924966: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924966 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: pdns Version: 4.1.6-1 Severity: grave Tags: security upstream Forwarded: https://github.com/PowerDNS/pdns/issues/7573 Control: found -1 4.0.3-1+deb9u3 Control: found -1 4.0.3-1 Hi, The following vulnerability was published for pdns. CVE-2019-3871[0]: Insufficient validation in the HTTP remote backend If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-3871 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3871 [1] https://www.openwall.com/lists/oss-security/2019/03/18/4 [2] https://github.com/PowerDNS/pdns/issues/7573 [3] https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html [4] https://downloads.powerdns.com/patches/2019-03/ Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: pdns Source-Version: 4.0.3-1+deb9u4 We believe that the bug you reported is fixed in the latest version of pdns, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 924...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Christian Hofstaedtler <z...@debian.org> (supplier of updated pdns package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 31 Mar 2019 13:28:32 +0000 Source: pdns Architecture: source Version: 4.0.3-1+deb9u4 Distribution: stretch-security Urgency: medium Maintainer: Debian DNS Packaging <pkg-dns-de...@lists.alioth.debian.org> Changed-By: Christian Hofstaedtler <z...@debian.org> Closes: 924966 Changes: pdns (4.0.3-1+deb9u4) stretch-security; urgency=medium . * Insufficient validation in the HTTP remote backend (CVE-2019-3871) Thanks to Salvatore Bonaccorso <car...@debian.org> (Closes: #924966) Checksums-Sha1: 6286ac85c6b1e76fd8e8f7f7810018f7e9f2210a 3387 pdns_4.0.3-1+deb9u4.dsc de3562f135d31c6ccf9363f587bb59a5f65d1d91 1312299 pdns_4.0.3.orig.tar.bz2 58aa0bdec5c3e3560cecb97e5aa5adbfeeb65293 53064 pdns_4.0.3-1+deb9u4.debian.tar.xz 131c8d9ced9dc4ca4996ac42dcaa04ee6b823126 8965 pdns_4.0.3-1+deb9u4_source.buildinfo Checksums-Sha256: afd3ac52bd69a37cafe4a1086559e9d4188305306d722d06b14a9f589446e7ed 3387 pdns_4.0.3-1+deb9u4.dsc 60fa21550b278b41f58701af31c9f2b121badf271fb9d7642f6d35bfbea8e282 1312299 pdns_4.0.3.orig.tar.bz2 506c3f73faafa1729ffc2f8af82270f8d89c4ef3994fdeb1521c6aa6876a2de7 53064 pdns_4.0.3-1+deb9u4.debian.tar.xz f9f0018ca898917f36872a6df5fb163362a997e9fc06f577163203e6dbd736d7 8965 pdns_4.0.3-1+deb9u4_source.buildinfo Files: 78b95e2eebd76f42c2b08dc98f1c788a 3387 net extra pdns_4.0.3-1+deb9u4.dsc bbb1ebed50edc0f2127d6c4331c1429a 1312299 net extra pdns_4.0.3.orig.tar.bz2 39cb4b69b561492ecb9c67053c443ba2 53064 net extra pdns_4.0.3-1+deb9u4.debian.tar.xz 11e9cd77766dd463b02a426f05527dfc 8965 net extra pdns_4.0.3-1+deb9u4_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEfRrP+tnggGycTNOSXBPW25MFLgMFAlykoFgACgkQXBPW25MF LgM+ug//YON5dKcfMjBE4AoYsdsswG57BatEUEdRrAcNn69ukeGQmbvnmlLeqqVn lSVGPHH2VaQ/TxUjx1Iy2GF2Da0DrJhv3xtRWj014QBLeym+E/AbL6wGVQTQDTID 3Cro5qYUJTVsxcqF/ntvsxsdp+1QVcLzopFzzQfQfw4sgz1uOj5fyO1mu46X+Dbk zkl4wUqmf8meBmOujmQQF9lEwixoGNirSXQAGb3EQ0Vn2j393KQmM6onEwCfspTp Eqesn5QZ2j7MPWHqTw4ENSEuztua2+k71V78yujBU9eqz0Bk4qn0K7di1w1XP57a GmWfIjshZf02VQxxljMgYlJN1UA0Z8bk33HyrxQ0uwWEDXhNtlCrouo3VVzDUhQj KIFF3ol/uiyBL8etuP8TRS+mqTtCeVsorlvp7fOjZxn857rWbq9Pf1EhdZGquiOp ArOTuZnaPL6tyWQe1dUxGWUXCZf7UcLKtXJR/R6xVHJGwrZxwiWBRIxBkrm3KuFf SdNXeatw5UhP1QCLhyRCvvANAEb1Ql3sNptyVKHPzsO8KVI/v2e3BzGsq4r6feOz kmVNZS0qfwGxgRfpJdLMahC8lparbcpMaFa3JwahlXm8Iun8Bgd6GtqGZLgxCxNF Sm2xfrGXeiVyKvxAwzGMxJsJC3k001PXZpSu86ACeCjHG9tXaSM= =to65 -----END PGP SIGNATURE-----
--- End Message ---
