Your message dated Fri, 06 Sep 2024 01:34:41 +0000
with message-id <e1smns1-009o4d...@fasolo.debian.org>
and subject line Bug#1080964: fixed in aardvark-dns 1.12.2-1
has caused the Debian Bug report #1080964,
regarding aardvark-dns: CVE-2024-8418
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1080964: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080964
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: aardvark-dns
Version: 1.12.1-2
Severity: grave
Tags: security upstream
Forwarded: https://github.com/containers/aardvark-dns/issues/500
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for aardvark-dns.
CVE-2024-8418[0]:
| A flaw was found in Aardvark-dns versions 1.12.0 and 1.12.1. They
| contain a denial of service vulnerability due to serial processing
| of TCP DNS queries. This flaw allows a malicious client to keep a
| TCP connection open indefinitely, causing other DNS queries to time
| out and resulting in a denial of service for all other containers
| using aardvark-dns.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-8418
https://www.cve.org/CVERecord?id=CVE-2024-8418
[1] https://github.com/containers/aardvark-dns/issues/500
[2] https://github.com/containers/aardvark-dns/pull/503
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: aardvark-dns
Source-Version: 1.12.2-1
Done: Reinhard Tartler <siret...@tauware.de>
We believe that the bug you reported is fixed in the latest version of
aardvark-dns, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1080...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Reinhard Tartler <siret...@tauware.de> (supplier of updated aardvark-dns
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 05 Sep 2024 20:50:47 -0400
Source: aardvark-dns
Architecture: source
Version: 1.12.2-1
Distribution: unstable
Urgency: medium
Maintainer: Reinhard Tartler <siret...@tauware.de>
Changed-By: Reinhard Tartler <siret...@tauware.de>
Closes: 1080964
Changes:
aardvark-dns (1.12.2-1) unstable; urgency=medium
.
* New upstream relase.
* Fixes: CVE-2024-8418: TCP connections where not handled correctly
which allowed a container to block dns queries for other clients on
the same network, Closes: #1080964
* Normalize patches with gbp pq
* Add autopkgtest that runs upstream integration tests
Checksums-Sha1:
26c4ce0d4104385153e32558cc3fdeb0fb5670c0 2719 aardvark-dns_1.12.2-1.dsc
ba90656ac2895f82bb8f00b8ee40604f0a607326 60221 aardvark-dns_1.12.2.orig.tar.gz
4886c6455d2390a8b844dd6a99b7d8171e1a1dd0 4732
aardvark-dns_1.12.2-1.debian.tar.xz
Checksums-Sha256:
89e578c19d9409820bc31e54685c9edd420c102604e384027cf1847775ba9df3 2719
aardvark-dns_1.12.2-1.dsc
4d140f6700003330fdddf7d4b02eb0f40351c5d8cc403a253601187f95547b90 60221
aardvark-dns_1.12.2.orig.tar.gz
de6eeb16507583a6e31a9ca487bee4662ad720cfd4ca0854a138bf1ab960b25d 4732
aardvark-dns_1.12.2-1.debian.tar.xz
Files:
6fca95cc6a32c870b84e17f69e799acb 2719 net optional aardvark-dns_1.12.2-1.dsc
48c518a4225b7ad53bdaedea29a63534 60221 net optional
aardvark-dns_1.12.2.orig.tar.gz
a4f62cfb24519a67d3deae1a4379fb1d 4732 net optional
aardvark-dns_1.12.2-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEEMN59F2OrlFLH4IJQSadpd5QoJssFAmbaWM4UHHNpcmV0YXJ0
QHRhdXdhcmUuZGUACgkQSadpd5QoJsvZSxAAg59Iazl/esXYFLwsC1npD4MGtsh7
w4okiFjTyy8VDcRxVc2k0dU20BKf9dbqMCFVOubPDqyI0evDFSyuI0TrFCE4glvX
/SzEcW1AaWJyYTJIIS96POyWf45gRrrr/owDZqec3avI+jied8udhggXDoQ+e31k
W9CMjAhzIx6oyUf0j+rk68HxasgVMGVRi0HEqkElx/YiEfAhiYECx+tJXLYZ1TRs
kP2fifHvVKVIyFD2JZd0wtDyM/Eu+itTipCgN00zqQyp1/hUN4BxmeGZab6zC3dW
coupNY1KyHp7IcL8c0rL8iosrnrjiMgwOrF6EO3Xsny+IBry98P0nMNDGgIm9c2d
fCR1VwGhwviSfoLxXbUi3lyJo+LP0ltB6XGp61rr/yyKKgwOf7Iz+0OrCzllL3od
i3pTR3+/9oUhRcyNPfXh8gv0LabxMm8rwXEW0mMvSWIKNSpDX/t262++QT1rFIgM
DYRE4s+xx9WAM10/ty1vebkAYeLhjq0MDsmv8HglhDtuwZ6X8RHpLvmaqoKSe6CB
4nugFgLyhsbQlPnMHRRp8SeR/y+GrrzilBrcxIbOq8K2YknX6LnMI7Zu/ymD9tuZ
WlOueZ6EH3iVFgO+HBaCpwR9nt4fs+Y9WWIJQ8q59FjLMp0POJRzQ2CcoemmmwNB
C9ed4EvqSNcho0k=
=tfFS
-----END PGP SIGNATURE-----
pgpiPAoTtObcS.pgp
Description: PGP signature
--- End Message ---
