Your message dated Mon, 13 May 2019 21:17:13 +0000 with message-id <e1hqijt-00077e...@fasolo.debian.org> and subject line Bug#922954: fixed in bind9 1:9.10.3.dfsg.P4-12.3+deb9u5 has caused the Debian Bug report #922954, regarding bind9: CVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 922954: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922954 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: bind9 Version: 1:9.11.5.P1+dfsg-2 Severity: grave Tags: security upstream Justification: user security hole Control: found -1 1:9.10.3.dfsg.P4-12.3+deb9u4 Control: found -1 1:9.10.3.dfsg.P4-12.3 Hi, The following vulnerability was published for bind9. CVE-2018-5745[0]: | An assertion failure can occur if a trust anchor rolls over to an | unsupported key algorithm when using managed-keys If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-5745 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745 [1] https://kb.isc.org/docs/cve-2018-5745 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: bind9 Source-Version: 1:9.10.3.dfsg.P4-12.3+deb9u5 We believe that the bug you reported is fixed in the latest version of bind9, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 922...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bernhard Schmidt <be...@debian.org> (supplier of updated bind9 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 03 May 2019 22:34:35 +0200 Source: bind9 Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-140 libdns162 libirs141 libisc160 liblwres141 libisccc140 libisccfg140 dnsutils lwresd libbind-export-dev libdns-export162 libdns-export162-udeb libisc-export160 libisc-export160-udeb libisccfg-export140 libisccc-export140 libisccc-export140-udeb libisccfg-export140-udeb libirs-export141 libirs-export141-udeb Architecture: source Version: 1:9.10.3.dfsg.P4-12.3+deb9u5 Distribution: stretch-security Urgency: high Maintainer: Debian DNS Packaging <pkg-dns-de...@lists.alioth.debian.org> Changed-By: Bernhard Schmidt <be...@debian.org> Description: bind9 - Internet Domain Name Server bind9-doc - Documentation for BIND bind9-host - Version of 'host' bundled with BIND 9.X bind9utils - Utilities for BIND dnsutils - Clients provided with BIND host - Transitional package libbind-dev - Static Libraries and Headers used by BIND libbind-export-dev - Development files for the exported BIND libraries libbind9-140 - BIND9 Shared Library used by BIND libdns-export162 - Exported DNS Shared Library libdns-export162-udeb - Exported DNS library for debian-installer (udeb) libdns162 - DNS Shared Library used by BIND libirs-export141 - Exported IRS Shared Library libirs-export141-udeb - Exported IRS library for debian-installer (udeb) libirs141 - DNS Shared Library used by BIND libisc-export160 - Exported ISC Shared Library libisc-export160-udeb - Exported ISC library for debian-installer (udeb) libisc160 - ISC Shared Library used by BIND libisccc-export140 - Command Channel Library used by BIND libisccc-export140-udeb - Command Channel Library used by BIND (udeb) libisccc140 - Command Channel Library used by BIND libisccfg-export140 - Exported ISC CFG Shared Library libisccfg-export140-udeb - Exported ISC CFG library for debian-installer (udeb) libisccfg140 - Config File Handling Library used by BIND liblwres141 - Lightweight Resolver Library used by BIND lwresd - Lightweight Resolver Daemon Closes: 922954 922955 927932 Changes: bind9 (1:9.10.3.dfsg.P4-12.3+deb9u5) stretch-security; urgency=high . [ Marc Deslauriers (Ubuntu) ] * CVE-2018-5743: limiting simultaneous TCP clients is ineffective. Thanks to Marc Deslauriers of Ubuntu (Closes: #927932) . [ Ondřej Surý ] * Sync Maintainer and Uploaders with unstable * [CVE-2019-6465]: Zone transfer for DLZs are executed though not permitted by ACLs. (Closes: #922955) * [CVE-2018-5745]: Avoid assertion and thus causing named to deliberately exit when a trust anchor's key is replaced with a key which uses an unsupported algorithm. (Closes: #922954) Checksums-Sha1: 6860272e873dc1832c650fd4297a10e07d8a79f7 3908 bind9_9.10.3.dfsg.P4-12.3+deb9u5.dsc 4e729f86198c8724c58a2e0dc695cc8be96f2a8a 98420 bind9_9.10.3.dfsg.P4-12.3+deb9u5.debian.tar.xz 505a434d946ea958238008ce240871e1eb1e9513 21618 bind9_9.10.3.dfsg.P4-12.3+deb9u5_amd64.buildinfo Checksums-Sha256: 86ab6f642822821b115319f489a9b64d0b7b2b924a176677b536d5a373a1ec92 3908 bind9_9.10.3.dfsg.P4-12.3+deb9u5.dsc 0cb2d69f869c45b0ad65253dfce0ec1d850dc70a49eb14169d91b3a06fbb9047 98420 bind9_9.10.3.dfsg.P4-12.3+deb9u5.debian.tar.xz bb104617c40823b776a4ac366eb78e295b11c5f83231602cbc6ad188ca411813 21618 bind9_9.10.3.dfsg.P4-12.3+deb9u5_amd64.buildinfo Files: 65559b9d5844fc65327fe313b0e408dd 3908 net optional bind9_9.10.3.dfsg.P4-12.3+deb9u5.dsc ffa19a3fdd7bda1215cf1dadb3adc4c3 98420 net optional bind9_9.10.3.dfsg.P4-12.3+deb9u5.debian.tar.xz 0d2a4d0a411005cc2291ac82c4ea5aef 21618 net optional bind9_9.10.3.dfsg.P4-12.3+deb9u5_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAlzN8lsRHGJlcm5pQGRl Ymlhbi5vcmcACgkQd1B55bhQvJMJrRAAgWzqfvqdAPWpi/aOL9y79BZRECTKMzn7 OoXDuBju8AbMO92Fs1hWbnTZeWJLxFp1Ht63WG9bmk7lkYzdWvB9OZvlmFmlOY6I 5gNNeSkT+0meW07in6KDZ+StXFrz0LwWDhYFKLKE187AzSK2Rr3ZIo43hFwI1Mif KXPB4Oun/y1kC+LUJrPZiHfJSoYkBwFiwN+EKgk7JrFgl+1z1wANaeaJooAdUalF 5ICmd/P6X5zrfuMsmcqhCEJWg/zT9f15x+/cYCep+FBhWcFDqPUXlnl9r8USTb1J d40FSf7Mr6OrCLBaaNBSff1GeIdh7+dBGRlW/Wtw6B6vPqBgT0+QKfY4kmXrjC74 Ryp4J5TvT8TO7F8ejkKVMIsH/OGhJqbJc4/4gmVH438e1Z2cJEn6ywDJN7Z8nhpk lIRmrVlxj2j6pgxwnThCwxpnJAjuQc5ycbMiMbHSC6Y7vt3D0gqQElsWA8hHYcGc gyvGeo9i0r1PIJq8U/65YcXgppxUH4L7C+u2Bn0fdQLSNjd+ndupbaQ5u9odqIKu TxNKaBN+plryrbusLnniXERz0fNx0u4LqdjG8d9T8EkbF3oh2WKs+RAs7wQhcQaZ 7t+5ndumaLgx+/d6xfBERxmnvIc8dLdX49KNY56hbpdlHfYVR0CXUNyq1Vu3BvxO 8obm3n79Ix4= =LFoK -----END PGP SIGNATURE-----
--- End Message ---
