Your message dated Tue, 29 Apr 2025 17:14:32 +0200
with message-id 
<q74b6cf3cev5z5y4bp3ggd63k6j7zygc2mit55wfvyhrdkfj3j@l3xltn6openr>
and subject line Accepted dnsdist 1.9.9-1 (source) into unstable
has caused the Debian Bug report #1104351,
regarding dnsdist: CVE-2025-30194
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1104351: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104351
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: dnsdist
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for dnsdist.

CVE-2025-30194[0]:
| When DNSdist is configured to provide DoH via the nghttp2 provider,
| an attacker can cause a denial of service by crafting a DoH exchange
| that triggers an illegal memory access (double-free) and crash of
| DNSdist, causing a denial of service.  The remedy is: upgrade to the
| patched 1.9.9 version.  A workaround is to temporarily switch to the
| h2o provider until DNSdist has been upgraded to a fixed version.  We
| would like to thank Charles Howes for bringing this issue to our
| attention.

https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-02.html
https://github.com/PowerDNS/pdns/issues/15475

bookworm isn't affected, I've updated the Security Tracker accordingly.



If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-30194
    https://www.cve.org/CVERecord?id=CVE-2025-30194

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: dnsdist
Source-Version: 1.9.9-1

Format: 1.8
Date: Tue, 29 Apr 2025 14:27:45 +0200
Source: dnsdist
Architecture: source
Version: 1.9.9-1
Distribution: unstable
Urgency: medium
Maintainer: dnsdist packagers <dnsd...@packages.debian.org>
Changed-By: Chris Hofstaedtler <z...@debian.org>
Changes:
 dnsdist (1.9.9-1) unstable; urgency=medium
 .
   * New upstream version 1.9.9 including fix for CVE-2025-30194

--- End Message ---
