Your message dated Sun, 29 Oct 2023 10:49:24 +0000 with message-id <e1qx3mc-003ucx...@fasolo.debian.org> and subject line Bug#1033252: fixed in maradns 2.0.13-1.5 has caused the Debian Bug report #1033252, regarding maradns: CVE-2022-30256 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1033252: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033252 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: maradns X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for maradns. CVE-2022-30256[0]: | An issue was discovered in MaraDNS Deadwood through 3.5.0021 that | allows variant V1 of unintended domain name resolution. A revoked | domain name can still be resolvable for a long time, including expired | domains and taken-down malicious domains. The effects of an exploit | would be widespread and highly impactful, because the exploitation | conforms to de facto DNS specifications and operational practices, and | overcomes current mitigation patches for "Ghost" domain names. https://maradns.samiam.org/security.html#CVE-2022-30256 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-30256 https://www.cve.org/CVERecord?id=CVE-2022-30256 Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---Source: maradns Source-Version: 2.0.13-1.5 Done: Aron Xu <a...@debian.org> We believe that the bug you reported is fixed in the latest version of maradns, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1033...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Aron Xu <a...@debian.org> (supplier of updated maradns package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 29 Oct 2023 18:14:50 +0800 Source: maradns Architecture: source Version: 2.0.13-1.5 Distribution: unstable Urgency: high Maintainer: Dariusz Dwornikowski <dariusz.dwornikow...@cs.put.poznan.pl> Changed-By: Aron Xu <a...@debian.org> Closes: 1033252 1035936 Changes: maradns (2.0.13-1.5) unstable; urgency=high . * Non-maintainer upload by the Security Team, patches are from Bastien Roucariès of LTS team. * CVE-2023-31137: integer underflow in the DNS packet decompression (Closes: #1035936). * CVE-2022-30256: revoked and expired domains remain resolvable for a long time (Closes: #1033252). Checksums-Sha1: e4e8ca1f5c605119884e26e30e58d3857eead7d0 1761 maradns_2.0.13-1.5.dsc 565fab4c0ff2882e3acaa25490141c2ad337d88e 48204 maradns_2.0.13-1.5.debian.tar.xz fcf773db1faec1407aa9b0a35db50091ffbb0c3b 6370 maradns_2.0.13-1.5_source.buildinfo Checksums-Sha256: a4a27818fa6440856db9315e9af994bbb75b6082a877264d0a6b4c5d42ba7877 1761 maradns_2.0.13-1.5.dsc 117e72046c205e86f1b62ae0fce9cf43348209f96c7ff528e8c8b70e68a697e6 48204 maradns_2.0.13-1.5.debian.tar.xz 0a11cd7f69b3b5f8a2cca947b50b257ffb3155e2618e7f01cf5cf11cb1364a9a 6370 maradns_2.0.13-1.5_source.buildinfo Files: 941e56123943c63bb4ea300e49e8ced3 1761 net extra maradns_2.0.13-1.5.dsc 368a8b68fc2f5d87a76f2328d3695011 48204 net extra maradns_2.0.13-1.5.debian.tar.xz 3712f2335f5ba016ed9694fbce4f3b05 6370 net extra maradns_2.0.13-1.5_source.buildinfo -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmU+NZUACgkQO1LKKgqv 2VSZeQf9Gw6Okk85qmPdhy4j2fRYxzDHW8m6hvaH+Vqj4sAPuJprt/IqvUPaOqvh AgcJ2J5fT5rQUNdkVeVsAcWyj539GV1LbJbj3z96dr+dGhYzn1dV5PpXnh1yDAVP hQRtf9gBZkAIE9IT5od4i4eP5w61q/f6Z5ZpwIiOIzeOR9DSMPDGMFPM2Lc4bwjn 10aeCF5vmfm6IKdi6+PnUhxPgkG2pASqGDT0Q5iRb+87X0sGVO4Oi6n2Vg2PKIgo ZfNxqVRT7JxiDc3cNr2MUTau4wVOpHIBNNVbi8pjc79wzjN1Nkfo58ahvuFDVqQP uuW/P7Ls0rg/tyJ4grmL0Gm5PggkAg== =Exbc -----END PGP SIGNATURE-----
--- End Message ---
