Your message dated Thu, 21 Sep 2023 18:19:33 +0000
with message-id <e1qjogz-003m5q...@fasolo.debian.org>
and subject line Bug#1052417: fixed in bind9 1:9.19.17-1
has caused the Debian Bug report #1052417,
regarding bind9: CVE-2023-4236
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1052417: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052417
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: bind9
Version: 1:9.18.16-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 1:9.18.16-1~deb12u1
Hi,
The following vulnerability was published for bind9.
CVE-2023-4236[0]:
| A flaw in the networking code handling DNS-over-TLS queries may
| cause `named` to terminate unexpectedly due to an assertion failure.
| This happens when internal data structures are incorrectly reused
| under significant DNS-over-TLS query load. This issue affects BIND 9
| versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-4236
https://www.cve.org/CVERecord?id=CVE-2023-4236
[1] https://kb.isc.org/docs/cve-2023-4236
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: bind9
Source-Version: 1:9.19.17-1
Done: Ondřej Surý <ond...@debian.org>
We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1052...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ondřej Surý <ond...@debian.org> (supplier of updated bind9 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 20 Sep 2023 18:13:07 +0200
Source: bind9
Architecture: source
Version: 1:9.19.17-1
Distribution: unstable
Urgency: medium
Maintainer: Debian DNS Team <team+...@tracker.debian.org>
Changed-By: Ondřej Surý <ond...@debian.org>
Closes: 1052416 1052417
Changes:
 bind9 (1:9.19.17-1) unstable; urgency=medium
 .
   * New upstream version 9.19.17
     - CVE-2023-3341: A stack exhaustion flaw in control channel code may
       cause named to terminate unexpectedly (Closes: #1052416)
     - CVE-2023-4236: named may terminate unexpectedly under high
       DNS-over-TLS query load (Closes: #1052417)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---