** Description changed: - [Impact] + This bug tracks an update for the bind9 package, moving to versions: - This bug tracks an update for the Bind9 package, moving to versions: + * Plucky (25.04): Bind9 9.20.9 + * Oracular (24.10): Bind9 9.20.9 + * Noble (24.04): Bind9 9.18.37 + * Jammy (22.04): Bind9 9.18.37 - * <list of Ubuntu series and stable versions being introduced> + These updates include bug fixes following the SRU policy exception + defined at https://wiki.ubuntu.com/Bind9Updates. - See <upstream-roadmap-link> + [Upstream changes] - These updates are a best effort to only include bug fixes, following the - SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates. + 9.20.5-9.20.9: + CVE fixes (These already existed as patches but are now included as part + of upstream): - [Major Changes] + CVE-2025-40775 + CVE-2024-12705 + CVE-2024-11187 - * <list of series with link to release notes> - - <Important bug fixes> - - <CVEs fixes added, and note whether or not already applied in ubuntu> + Updates: + Bug Fixes: + + Full release notes available here - + https://bind9.readthedocs.io/en/v9.20.9/notes.html + + 9.18.31-9.18.37: + + CVE fixes (These already existed as patches but are now included as part + of upstream): + + CVE-2024-12705 + CVE-2024-11187 + + Updates: + + Bug Fixes: + + Full release notes available here - + https://bind9.readthedocs.io/en/v9.18.37/notes.html [Test Plan] - See https://wiki.ubuntu.com/Bind9Updates#QA + DEP-8 Tests: + simpletest - Confirms bind9 daemon starts successfully and dig can find + 127.0.0.1 through the default setup of bind9 + + zonetest - Added in this update, currently in lunar. Confirms the + functionality of named and bind9 by creating a local DNS zone and + domain, and having dig look it up + + dyndb-ldap (noble and earlier) - Verifies functionality of bind-dyndb- + ldap against the updated bind9 package with a basic setup. This also + fails intentionally prior to bind-dyndb-ldap being rebuilt against the + package, as this is a necessary step for bind9 updates. + + validation - This test is provided by Debian and consistently fails both + before and after the update due to several issues. It is marked as + flaky, and does not block autopkgtest passing overall [Regression Potential] Upstream has an extensive build and integration test suite. So - regressions would likely arise from a change in interaction with - Ubuntu-specific integrations, such as in relation to the versions of - dependencies available and other packaging-specific matters. + regressions would likely arise from a change in interaction with Ubuntu- + specific integrations. - <Additional regression potentials specific to this release> + Previous Backports: - - [Other Info] - - This is a recurring effort. For reference, here are previous Bind9 SRU - backports: - - * <List LP: #bug links to former cases of SRU backports for this - package> + (LP: #2003586) + (LP: #2028413) + (LP: #2040459)
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2112520 Title: Backport upstream microreleases for questing cycle To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/2112520/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
