package: release.debian.org user: release.debian....@packages.debian.org usertags: unblock severity: normal x-debbugs-cc: debian-boot@lists.debian.org
Please consider unblocking bind9. It fixes a new security issue. unblock bind9/9.9.5.dfsg-9 unblock-udeb bind9/9.9.5.dfsg-9
diff -u bind9-9.9.5.dfsg/debian/changelog bind9-9.9.5.dfsg/debian/changelog
--- bind9-9.9.5.dfsg/debian/changelog
+++ bind9-9.9.5.dfsg/debian/changelog
@@ -1,3 +1,10 @@
+bind9 (1:9.9.5.dfsg-9) unstable; urgency=high
+
+ * Fix CVE-2015-1349: named crash due to managed key rollover, primarily only
+ affecting setups using DNSSEC (closes: #778733).
+
+ -- Michael Gilbert <mgilb...@debian.org> Thu, 19 Feb 2015 03:42:21 +0000
+
 bind9 (1:9.9.5.dfsg-8) unstable; urgency=medium
 * Launch rndc command in the background in networking scripts to avoid a
only in patch2:
unchanged:
--- bind9-9.9.5.dfsg.orig/lib/dns/zone.c
+++ bind9-9.9.5.dfsg/lib/dns/zone.c
@@ -8496,6 +8496,12 @@
 namebuf, tag);
 trustkey = ISC_TRUE;
 }
+ } else {
+ /*
+ * No previously known key, and the key is not
+ * secure, so skip it.
+ */
+ continue;
 }
 /* Delete old version */
@@ -8544,7 +8550,7 @@
 trust_key(zone, keyname, &dnskey, mctx);
 }
- if (!deletekey)
+ if (secure && !deletekey)
 set_refreshkeytimer(zone, &keydata, now);
 }
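Review bot: The new `else` branch in the `@@ -8496` hunk drops the key with a bare `continue` and writes nothing to the log, so an operator looking into a managed-key problem cannot tell a skipped key from one that was never seen. A log line before the `continue` would make the decision visible, for example `dns_zone_log(zone, ISC_LOG_DEBUG(3), "skipping unvalidated new key %d for zone %s", tag, namebuf);`, assuming `tag` and `namebuf` are already filled in there as they appear to be in the branch above. The `if` this `else` pairs with and the start of the loop are outside the hunk, so it is also worth confirming that nothing acquired earlier in the iteration needs releasing before the `continue`.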
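Review bot: The `secure &&` guard added to the `set_refreshkeytimer()` call in the `@@ -8544` hunk has no comment, and the line does not say why an unvalidated key set must not move the refresh timer. A short comment above the `if`, such as `/* Only key data from a secure (validated) key set may update the refresh timer. */`, would record the intent; check the wording against how `secure` is computed, which is outside the hunk. As far as this debdiff shows, the upload adds no regression test for the key-rollover case named in the changelog, so a later refactor of this loop could reintroduce the crash unnoticed.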