Your message dated Fri, 21 Jun 2019 13:49:40 +0000 with message-id <e1hejva-000czx...@fasolo.debian.org> and subject line Bug#930746: fixed in bind9 1:9.11.5.P4+dfsg-5.1 has caused the Debian Bug report #930746, regarding bind9: CVE-2019-6471: A race condition when discarding malformed packets can cause BIND to exit with an assertion failure to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 930746: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930746 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: bind9 Version: 1:9.11.5.P4+dfsg-5 Severity: grave Tags: security upstream Control: clone -1 -2 Control: reassign -2 src:bind 1:9.13.3-1 Control: retitle -2 bind: CVE-2019-6471: A race condition when discarding malformed packets can cause BIND to exit with an assertion failure Hi, The following vulnerability was published for bind9. CVE-2019-6471[0]: |A race condition when discarding malformed packets can cause BIND to |exit with an assertion failure If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-6471 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6471 [1] https://kb.isc.org/docs/cve-2019-6471 Please adjust the affected versions in the BTS as needed, I think the version back in stretch is not affected but this needs double-checking. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: bind9 Source-Version: 1:9.11.5.P4+dfsg-5.1 We believe that the bug you reported is fixed in the latest version of bind9, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 930...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated bind9 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 21 Jun 2019 11:24:31 +0200 Source: bind9 Architecture: source Version: 1:9.11.5.P4+dfsg-5.1 Distribution: unstable Urgency: high Maintainer: Debian DNS Team <team+...@tracker.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 930746 Changes: bind9 (1:9.11.5.P4+dfsg-5.1) unstable; urgency=high . * Non-maintainer upload. * move item_out test inside lock in dns_dispatch_getnext() (CVE-2019-6471) (Closes: #930746) Checksums-Sha1: c6fc13e76d616677fc04bd38da4c049370f7b6a9 4089 bind9_9.11.5.P4+dfsg-5.1.dsc 6c4b43049b48a18627fbd2f130b1a7f5709f126c 104140 bind9_9.11.5.P4+dfsg-5.1.debian.tar.xz Checksums-Sha256: 6efea0515ca76b12924b63a19bd00ec85103ffc7c8ea88b2581d70bd8951bd03 4089 bind9_9.11.5.P4+dfsg-5.1.dsc c1968868eb52cb1a91ece1d815971a0c72a938591d832161429a2b0c1c85d0a1 104140 bind9_9.11.5.P4+dfsg-5.1.debian.tar.xz Files: 3efa3a687305755ed37477f08a1c1ee9 4089 net optional bind9_9.11.5.P4+dfsg-5.1.dsc 48056b1f79a966484b78801cf976555a 104140 net optional bind9_9.11.5.P4+dfsg-5.1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl0M3jlfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89ELLQQAI2iKqak52qMqyr9iFZvT0mRlkcF9D+B s29alohtMxq/1IvfeZ8Remvd367EwqroTsI/uUCpaawCa3oHiJWwc0WV07eBulyV pdq7/1JCWsWxBOb9UTt1QIuN5M1o8YBBxhLFFN5MDGcGx6oHmuDifPfJAVZT8M6K XTU8+8izBHUa2RGkxZnWdG8e3Sk0thue9Kja4yT6SGVk2m26dnI3kEGCmnnRT7sg 3BkLF8V1XsV2EdJAaZY2UKyCU2XVkmZ20KiCNJgH3uMEjv8TRVEpfGeb6AZQIMOv R39+FxuDsEcZrJykJlF9PcJBo0RrVutf2SzlRJO7YJi1fPfYt7giwqG+VmQRj6Tz noUOcktvPGnd1VJvBkmgYf/1n2iBrPUDFnn85n0BXBl74WnOGmmn4e0wIB0Edgff zknJ0ZKTAtEQv5/4BnPCqm36WICbX75l09/C22xKzR7ah098tXz4rcYH8tBPK5W+ hgawOoEEI5BcNybJby/rlm5yRWbxdhueqtGJISBaoG4/BOL31m0D6c75OFlTca3X teFlThTYqZvXGFoaD73RFZ7/QIc0E+NaXwpQVdLOl/iV6npm5R6UIXk/m9F1LfbM mdBM6pVCli44lJ/c9ELhcMmvDY+yCZvDWWVuFaHYFpb96gfcoLWGknnAVG12ynfs FjOHtxgNWpAR =jzmC -----END PGP SIGNATURE-----
--- End Message ---
