Your message dated Wed, 12 Mar 2025 10:35:24 +0000
with message-id <e1tsjqq-009q2l...@fasolo.debian.org>
and subject line Bug#1095837: fixed in rust-hickory-proto 0.24.3-1
has caused the Debian Bug report #1095837,
regarding rust-hickory-proto: CVE-2025-25188
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1095837: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095837
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: rust-hickory-proto
Version: 0.24.1-6
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for rust-hickory-proto.
CVE-2025-25188[0]:
| Hickory DNS is a Rust based DNS client, server, and resolver. A
| vulnerability present starting in version 0.8.0 and prior to
| versions 0.24.3 and 0.25.0-alpha.5 impacts Hickory DNS users relying
| on DNSSEC verification in the client library, stub resolver, or
| recursive resolver. The DNSSEC validation routines treat entire
| RRsets of DNSKEY records as trusted once they have established trust
| in only one of the DNSKEYs. As a result, if a zone includes a DNSKEY
| with a public key that matches a configured trust anchor, all keys
| in that zone will be trusted to authenticate other records in the
| zone. There is a second variant of this vulnerability involving DS
| records, where an authenticated DS record covering one DNSKEY leads
| to trust in signatures made by an unrelated DNSKEY in the same zone.
| Versions 0.24.3 and 0.25.0-alpha.5 fix the issue.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-25188
https://www.cve.org/CVERecord?id=CVE-2025-25188
[1] https://github.com/hickory-dns/hickory-dns/security/advisories/GHSA-37wc-h8xc-5hc4
[2] https://github.com/hickory-dns/hickory-dns/commit/e118c6eec569f4340421f86ee0686714010c63e9
Regards,
Salvatore
--- End Message ---
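The first variant in the CVE text above, as a toy model added here for illustration (not Hickory DNS code and not part of the original messages): the flawed rule trusts every DNSKEY once one matches the trust anchor, while the RFC 4035 rule also requires an RRSIG over the DNSKEY RRset made by that anchored key. All types, names and key values are constructed, and a "signature" is modelled only as the key it verifies under.

```rust
// Toy model, constructed for illustration: no real cryptography.
// A "signature" simply records which public key it verifies under.
#[derive(Clone, Debug, PartialEq)]
struct DnsKey { public_key: u64 }
struct Rrsig { verifies_under: u64 }
/// Apex DNSKEY RRset plus the RRSIGs that cover it.
struct DnskeyRrset { keys: Vec<DnsKey>, rrsigs: Vec<Rrsig> }

const ANCHOR: u64 = 0xA11C; // constructed trust-anchor key
const ZSK: u64 = 0x2517; // constructed zone-signing key
const OTHER: u64 = 0x0BAD; // constructed key with no chain to the anchor

/// Flawed rule from the CVE text: one key matching the trust anchor makes
/// every key in the RRset trusted.
fn trusted_keys_flawed(set: &DnskeyRrset, anchor: u64) -> Vec<DnsKey> {
    if set.keys.iter().any(|k| k.public_key == anchor) { set.keys.clone() } else { Vec::new() }
}

/// RFC 4035 rule: the RRset is trusted only if it contains the anchored key
/// and an RRSIG over the RRset verifies under that same key.
fn trusted_keys_checked(set: &DnskeyRrset, anchor: u64) -> Vec<DnsKey> {
    let anchored = set.keys.iter().any(|k| k.public_key == anchor);
    let signed = set.rrsigs.iter().any(|s| s.verifies_under == anchor);
    if anchored && signed { set.keys.clone() } else { Vec::new() }
}

/// A record's RRSIG is accepted only if it verifies under a trusted key.
fn record_accepted(sig: &Rrsig, trusted: &[DnsKey]) -> bool {
    trusted.iter().any(|k| k.public_key == sig.verifies_under)
}

/// Build a constructed RRset from raw key values and signer key values.
fn rrset(keys: &[u64], signers: &[u64]) -> DnskeyRrset {
    DnskeyRrset {
        keys: keys.iter().map(|&public_key| DnsKey { public_key }).collect(),
        rrsigs: signers.iter().map(|&verifies_under| Rrsig { verifies_under }).collect(),
    }
}

fn main() {
    // Anchored key is present, but the RRset is signed only by OTHER.
    let mixed = rrset(&[ANCHOR, OTHER], &[OTHER]);
    // Anchored key is present and signs the RRset, vouching for ZSK.
    let proper = rrset(&[ANCHOR, ZSK], &[ANCHOR]);
    let (by_other, by_zsk) = (Rrsig { verifies_under: OTHER }, Rrsig { verifies_under: ZSK });
    println!("flawed:  {}", record_accepted(&by_other, &trusted_keys_flawed(&mixed, ANCHOR)));
    println!("checked: {}", record_accepted(&by_other, &trusted_keys_checked(&mixed, ANCHOR)));
    println!("proper:  {}", record_accepted(&by_zsk, &trusted_keys_checked(&proper, ANCHOR)));
}
```

The DS variant mentioned in the advisory is not modelled here.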
--- Begin Message ---
Source: rust-hickory-proto
Source-Version: 0.24.3-1
Done: Peter Michael Green <plugw...@debian.org>
We believe that the bug you reported is fixed in the latest version of
rust-hickory-proto, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1095...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Peter Michael Green <plugw...@debian.org> (supplier of updated
rust-hickory-proto package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 12 Mar 2025 08:24:24 +0000
Source: rust-hickory-proto
Architecture: source
Version: 0.24.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Rust Maintainers <pkg-rust-maintain...@alioth-lists.debian.net>
Changed-By: Peter Michael Green <plugw...@debian.org>
Closes: 1095837
Changes:
rust-hickory-proto (0.24.3-1) unstable; urgency=medium
.
* Team upload.
* Package hickory-proto 0.24.3 from crates.io using debcargo 2.7.8 (Closes:
#1095837)
* Drop disable-env-filter.patch, no longer needed.
* Update overridden control files.
* Bump dependency on rustls-native-certs to help britney's autopkgtest
scheduler.
* Add breaks on old version of rust-hickory-resolver.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---