Your message dated Wed, 14 Feb 2024 10:32:18 +0000
with message-id <e1racys-004fy9...@fasolo.debian.org>
and subject line Bug#1063845: fixed in unbound 1.17.1-2+deb12u2
has caused the Debian Bug report #1063845,
regarding unbound: Package 1.19.1 to fix CVE-2023-50387 and CVE-2023-50868
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1063845: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063845
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: unbound
Version: 1.18.0-2
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Today 2 remotely exploitable High Severity CVEs were published and
unbound has released version 1.19.1 to fix those.

Relevant links:
https://fosstodon.org/@nlnetlabs/111924266007688683
https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
https://kb.isc.org/docs/cve-2023-50387
https://kb.isc.org/docs/cve-2023-50868

I think a Release Critical Severity is more appropriate, but none of
the (by reportbug) presented options were applicable. It seems reportbug
then changed it to 'normal', which I manually changed to 'important'.

Fixing this bug would also fix bug #1051817, #1051818 and #1056631.

Link: https://bugs.debian.org/1051817
Link: https://bugs.debian.org/1051818
Link: https://bugs.debian.org/1056631

- -- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.6.13-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQT1sUPBYsyGmi4usy/XblvOeH7bbgUCZcuATAAKCRDXblvOeH7b
buedAP0QEqqGjjN4ZP8nu+WdKqrUWupLtsaN6FqEyNOd5OSp3QD/Wfh/sE5azFqf
99HKnBGhNVhrnxlNYIPlEjIns5pVDQs=
=thcd
-----END PGP SIGNATURE-----

--- End Message ---
--- Begin Message ---
Source: unbound
Source-Version: 1.17.1-2+deb12u2
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
unbound, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1063...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated unbound package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 13 Feb 2024 21:00:13 +0100
Source: unbound
Architecture: source
Version: 1.17.1-2+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: unbound packagers <unbo...@packages.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1063845
Changes:
 unbound (1.17.1-2+deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Address DNSSEC protocol vulnerabilities (Closes: #1063845)
     - Fix CVE-2023-50387, DNSSEC verification complexity can be exploited to
       exhaust CPU resources and stall DNS resolvers.
     - Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU.
Checksums-Sha1: 
 40d697c2b923e9735801f2a49971fee120419579 3355 unbound_1.17.1-2+deb12u2.dsc
 90da3bb8883931e30384057722dd9d1df4286f46 6244773 unbound_1.17.1.orig.tar.gz
 6b754d1c792a1f6d01d6706a75777b87d434b134 833 unbound_1.17.1.orig.tar.gz.asc
 8cb0fcbabeb7ed8af8a13a75f795a80074bf634a 46420 unbound_1.17.1-2+deb12u2.debian.tar.xz
Checksums-Sha256:
 a7120468620010e676d854e957076badd459f3efb1e814abc2db770a20a8ae74 3355 unbound_1.17.1-2+deb12u2.dsc
 ee4085cecce12584e600f3d814a28fa822dfaacec1f94c84bfd67f8a5571a5f4 6244773 unbound_1.17.1.orig.tar.gz
 b66a35d11545a1334b8aec1848c8c7ee0e01ef4a2950f2260a7c26b6fd61bfbf 833 unbound_1.17.1.orig.tar.gz.asc
 b875917bdff790318101725a2de00192452f28c0bc0471d6cf7d063f7b9c3288 46420 unbound_1.17.1-2+deb12u2.debian.tar.xz
Files:
 b85dd2bb575c6ac35a982617c6825081 3355 net optional unbound_1.17.1-2+deb12u2.dsc
 bb96df2dc579c11ada537dbc52781abc 6244773 net optional unbound_1.17.1.orig.tar.gz
 8a6399230741197bdd17cc7e7686fe31 833 net optional unbound_1.17.1.orig.tar.gz.asc
 431830533557532a7547047a8a1faa68 46420 net optional unbound_1.17.1-2+deb12u2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
