Your message dated Thu, 29 Jun 2023 22:32:33 +0000 with message-id <e1qf0bl-00cimu...@fasolo.debian.org> and subject line Bug#1033252: fixed in maradns 2.0.13-1.4+deb11u1 has caused the Debian Bug report #1033252, regarding maradns: CVE-2022-30256 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1033252: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033252 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: maradns X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for maradns. CVE-2022-30256[0]: | An issue was discovered in MaraDNS Deadwood through 3.5.0021 that | allows variant V1 of unintended domain name resolution. A revoked | domain name can still be resolvable for a long time, including expired | domains and taken-down malicious domains. The effects of an exploit | would be widespread and highly impactful, because the exploitation | conforms to de facto DNS specifications and operational practices, and | overcomes current mitigation patches for "Ghost" domain names. https://maradns.samiam.org/security.html#CVE-2022-30256 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-30256 https://www.cve.org/CVERecord?id=CVE-2022-30256 Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---Source: maradns Source-Version: 2.0.13-1.4+deb11u1 Done: Aron Xu <a...@debian.org> We believe that the bug you reported is fixed in the latest version of maradns, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1033...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Aron Xu <a...@debian.org> (supplier of updated maradns package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 27 Jun 2023 14:30:53 +0800 Source: maradns Architecture: source Version: 2.0.13-1.4+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: Dariusz Dwornikowski <dariusz.dwornikow...@cs.put.poznan.pl> Changed-By: Aron Xu <a...@debian.org> Closes: 1033252 1035936 Changes: maradns (2.0.13-1.4+deb11u1) bullseye-security; urgency=high . * Non-maintainer upload by the Security Team, patches are from Bastien Roucariès of LTS team. * CVE-2023-31137: integer underflow in the DNS packet decompression (Closes: #1035936). * CVE-2022-30256: revoked and expired domains remain resolvable for a long time (Closes: #1033252). Checksums-Sha1: 89b1a7d2f08c8090f0b36e134ee6485f98c74fd1 1793 maradns_2.0.13-1.4+deb11u1.dsc 3fde455f7a3fa4242680840509e12e9cb790acde 1148494 maradns_2.0.13.orig.tar.bz2 0b716c7125737e5a076febdfbee5b8f96a900374 48220 maradns_2.0.13-1.4+deb11u1.debian.tar.xz 8f78d5efbdb6a227090aa1bdc522b7cf0404fa48 6247 maradns_2.0.13-1.4+deb11u1_source.buildinfo Checksums-Sha256: 0aba52e0dce6dc2cefcae234631cf6d8655313d0b863feab8bb3188da8ab2143 1793 maradns_2.0.13-1.4+deb11u1.dsc 661ea06fb18df6d2469b2bf824ffd93545a091af185362cbc738d1aa408210c3 1148494 maradns_2.0.13.orig.tar.bz2 4148cace1b9d6f7695848ba3ff0c63c3a9d6c1aa1589c138440052e34fc8e30a 48220 maradns_2.0.13-1.4+deb11u1.debian.tar.xz e890deeeb97c3f3f013cc2e4dbddb51640586e4cb47d13549e85b757a486c5cc 6247 maradns_2.0.13-1.4+deb11u1_source.buildinfo Files: a3a0d4bb1a4fc8f289586be35497a607 1793 net extra maradns_2.0.13-1.4+deb11u1.dsc b72f61b3b942d971712cf0f0a68a2966 1148494 net extra maradns_2.0.13.orig.tar.bz2 e42189f79deca8695701f89a8a22c644 48220 net extra maradns_2.0.13-1.4+deb11u1.debian.tar.xz ede659cfb860d06ac3380da3651b8242 6247 net extra maradns_2.0.13-1.4+deb11u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmSamqcACgkQO1LKKgqv 2VS5MAgAywLbREaquAwaGIvjlKhXswnLiYJKq6+ayzlMHnBy6PvEU3rCSpA+r6RG pADJF0dLHlu4YjWCWkPPF2T8mxRnfz7cbsXQhsy3Ay42mG46yf1HkN+nYPr9cJpQ ObCExTkNhSr38Ho7qpTs91kWLOjfRW9+Bdo/vG7Erc9gAoZPrXzY8um6XiFwD9lO VXuMVGj3Z0S7/tVLOkcu3glAAcj+NyzlOlvOeTihEHDfuGIs8JdB8xiMTCOqHNSL 4wo8zkh8WdjmTx46TifnU7VWKfYwszl8qAu+sIEAFaW5qYzMF6GHO8qm/fNm0Pan hCdvd6jQVMZQendeEoLyuaIjr1M5CQ== =qgQV -----END PGP SIGNATURE-----
--- End Message ---
