Bug#665012: marked as done (CVE-2012-1570: maradns deleted domain record cache persistance flaw)

[Debian Bug Tracking System]

Your message dated Sun, 25 Mar 2012 21:02:23 +0000
with message-id <e1sbuzz-0001bs...@franck.debian.org>
and subject line Bug#665012: fixed in maradns 1.4.12-1
has caused the Debian Bug report #665012,
regarding CVE-2012-1570: maradns deleted domain record cache persistance flaw
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
665012: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665012
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: maradns
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It was reported that MaraDNS suffers from a flaw where it is susceptible to
spoofing attacks.  Due to an error in the cache update policy, which
does not properly handle revoked domain names, a remote attacker could keep a
domain name resolvable after it has been deleted from the registration.

This flaw is fixed in versions 1.3.0.7.15 and 1.4.12, and is reported to
affect all prior versions.

References:

http://www.maradns.org/changelog.html
https://secunia.com/advisories/48492/
https://bugzilla.redhat.com/show_bug.cgi?id=804770 


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk9q/sIACgkQNxpp46476arqDQCfSFeWlawN7py9L5lKIE+xR1ix
ATIAn0DxeHe7ugtuET2C9uHbJcAkIwkz
=Pu/Y
-----END PGP SIGNATURE-----

--- End Message ---

--- Begin Message ---

Source: maradns
Source-Version: 1.4.12-1

We believe that the bug you reported is fixed in the latest version of
maradns, which is due to be installed in the Debian FTP archive:

duende_1.4.12-1_i386.deb
  to main/m/maradns/duende_1.4.12-1_i386.deb
maradns-docs_1.4.12-1_all.deb
  to main/m/maradns/maradns-docs_1.4.12-1_all.deb
maradns-zoneserver_1.4.12-1_i386.deb
  to main/m/maradns/maradns-zoneserver_1.4.12-1_i386.deb
maradns_1.4.12-1.debian.tar.gz
  to main/m/maradns/maradns_1.4.12-1.debian.tar.gz
maradns_1.4.12-1.dsc
  to main/m/maradns/maradns_1.4.12-1.dsc
maradns_1.4.12-1_i386.deb
  to main/m/maradns/maradns_1.4.12-1_i386.deb
maradns_1.4.12.orig.tar.bz2
  to main/m/maradns/maradns_1.4.12.orig.tar.bz2



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 665...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nicholas Bamber <nicho...@periapt.co.uk> (supplier of updated maradns package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 25 Mar 2012 18:50:12 +0100
Source: maradns
Binary: maradns maradns-zoneserver duende maradns-docs
Architecture: source i386 all
Version: 1.4.12-1
Distribution: unstable
Urgency: medium
Maintainer: Nicholas Bamber <nicho...@periapt.co.uk>
Changed-By: Nicholas Bamber <nicho...@periapt.co.uk>
Description: 
 duende     - logging daemonizer
 maradns    - simple security-focused Domain Name Service server
 maradns-docs - upstream documentation for the MaraDNS Domain Name Service 
server
 maradns-zoneserver - complementary server process to TCP functions for MaraDNS
Closes: 665012
Changes: 
 maradns (1.4.12-1) unstable; urgency=medium
 .
   * New upstream release fixing CVE-2012-1570 (Closes: #665012)
Checksums-Sha1: 
 2d4cdb3390fb528f0110b397ab3fe5a54acd6ad3 1969 maradns_1.4.12-1.dsc
 7198e3292c199a9ec3e831f76f96c25ad6a86956 1178772 maradns_1.4.12.orig.tar.bz2
 9332f004205e76fc341adde86827d540b583702c 39937 maradns_1.4.12-1.debian.tar.gz
 0a1b90b848f157f907b90a8247ea2b6fa499f6ff 413862 maradns_1.4.12-1_i386.deb
 413d257f6b249d6057922ceb2f0c52cb894adc4c 176774 
maradns-zoneserver_1.4.12-1_i386.deb
 8dd21ef47f4d6588a35152a65f9498a1bc148e5e 69634 duende_1.4.12-1_i386.deb
 6d00aae66df3671cf1f6f9b1580e19543d9d7a71 188056 maradns-docs_1.4.12-1_all.deb
Checksums-Sha256: 
 1f4cf223ba5284df5139ed3e7865e259eeae1323ac66d46ba207e73612c894f3 1969 
maradns_1.4.12-1.dsc
 72c0e0fd10e4d9ed70d8c7addb9b0abd2cf2d23f6b477db3aefd69c9faa0893b 1178772 
maradns_1.4.12.orig.tar.bz2
 1248c87b25d66aa56ec741d8dc68a7e08c99a1890bb4fbc6378e22adc1e3dc96 39937 
maradns_1.4.12-1.debian.tar.gz
 d0fe5763f1e0edfbd716f37f52032c72589f6194b56aba4a8230f6a9c5a389cc 413862 
maradns_1.4.12-1_i386.deb
 55da97b5f65fcb08bd5d8c98d4cd6a545ab61997ee86f5d74b9c265c7d3acc25 176774 
maradns-zoneserver_1.4.12-1_i386.deb
 74630c353de44af34e434ceb2dc254c4ce2f80d7897ab90a410c5a589dd1db4e 69634 
duende_1.4.12-1_i386.deb
 f9de69e3dae67cc0a18f347b6393e07e0f9936e509296db91ae320a9b268d7e2 188056 
maradns-docs_1.4.12-1_all.deb
Files: 
 3b470ac5772ac46a0408cf8ed0876b74 1969 net extra maradns_1.4.12-1.dsc
 f45dcd5dd8d488a7a6c5e18fef8414c0 1178772 net extra maradns_1.4.12.orig.tar.bz2
 08b6e534c18e7ac88963df669ba1c70a 39937 net extra maradns_1.4.12-1.debian.tar.gz
 7878f4fc42103c67c5db4f6b5d62dfbf 413862 net extra maradns_1.4.12-1_i386.deb
 ef008d847602d2cb1f5ad3d21017ef70 176774 net extra 
maradns-zoneserver_1.4.12-1_i386.deb
 4916c3d76ab39965a5698020ef8ef131 69634 admin optional duende_1.4.12-1_i386.deb
 92cadbc81ed07661e780c24fba99603b 188056 doc extra maradns-docs_1.4.12-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJPb2POAAoJELbE2bY7/+c8pIEQAMKB2KguCN3cQJiDXLgWd29J
yZQRa0KdH2x7pU9OFcR4ZfFMqtl+w5/9+IZBC3GcD3uTssoj3L+6rOHqDKek2+y1
NkJMevCQHfkivtuOVXVaVLiOas/qkC7md1XDtVBPyhIXJZxdqQrqqHfV9+kWkThX
FaBrxRlvePnNIPFsAY6s5tyC6uxZ6krjtr6Sb8/ZLTwJLQmjbP2JAFpGR5I2/pkN
lhxWuesTuqpwVBzWoupKb1c+I07I/8P6jUhOWZ2Guys+tyQAclB2yqNzU/6krZGh
RyJkQr39RTELROLQy1FvNgDv5N0n968IsP60BoEbyIhu1EFwhFC8D/FyqswxivLl
5gbl21HmOf3yBGpKy9JwwurqHu3GQkh6P9/CpziimtPwKmawLcnOK+B1X2JzijoZ
Q4SAWEb1TyvjUQtNYjtGd7zVnYkfikB3KBw+1UAzRot/OLCoc+BoIIeBjL0y3lsD
4yV4q4Xt2OqhlZsavAbTI6vPBZ0J5c9cOy8vvcS5PwLQMj0t3pmy4CTTSDWOrOaw
3JYCpKpcmwYpNl1Wf9oP/wSS6oH2JyA7eMHb300v83RjJhI1xElnyVdVbqv/EPtO
fmQOlNklJyNVMUQdPdeD6CWQ68q6nAe/DIPaUPRluT/4O2tz/7gBZAMsYD+4/Csg
7K9NhjwHGtD40G0sUhRy
=kSMq
-----END PGP SIGNATURE-----

--- End Message ---