Your message dated Thu, 29 Apr 2021 09:33:29 +0000
with message-id <e1lc333-000bpl...@fasolo.debian.org>
and subject line Bug#987743: fixed in bind9 1:9.16.15-1
has caused the Debian Bug report #987743,
regarding bind9: CVE-2021-25216
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
987743: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987743
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: bind9
Version: 1:9.16.13-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for bind9.
CVE-2021-25216[0]:
| A second vulnerability in BIND's GSSAPI security policy negotiation
| can be targeted by a buffer overflow attack
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-25216
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216
[1] https://kb.isc.org/docs/cve-2021-25216
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: bind9
Source-Version: 1:9.16.15-1
Done: Ondřej Surý <ond...@debian.org>
We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 987...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ondřej Surý <ond...@debian.org> (supplier of updated bind9 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 29 Apr 2021 09:11:32 +0200
Source: bind9
Architecture: source
Version: 1:9.16.15-1
Distribution: unstable
Urgency: high
Maintainer: Debian DNS Team <team+...@tracker.debian.org>
Changed-By: Ondřej Surý <ond...@debian.org>
Closes: 987741 987742 987743
Changes:
 bind9 (1:9.16.15-1) unstable; urgency=high
 .
   * New upstream version 9.16.15 (Closes: #987741, #987742, #987743)
     + CVE-2021-25214: A malformed incoming IXFR transfer could trigger an
       assertion failure in ``named``, causing it to quit abnormally.
     + CVE-2021-25215: ``named`` crashed when a DNAME record placed in the
       ANSWER section during DNAME chasing turned out to be the final
       answer to a client query.
     + CVE-2021-25216: When a server's configuration set the
       ``tkey-gssapi-keytab`` or ``tkey-gssapi-credential`` option, a
       specially crafted GSS-TSIG query could cause a buffer overflow in
       the ISC implementation of SPNEGO (a protocol enabling negotiation of
       the security mechanism used for GSSAPI authentication).
   * Add patches to implement I-D draft-hardaker-dnsop-nsec3-guidance
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---