: VCS matches the version in the archive
- Git: https://salsa.debian.org/dns-team/bind9.git
- Branch: debian/main
- Path: debian/changelog
- Browser: https://salsa.debian.org/dns-team/bind9
- Last scan: 2021-05-01 11:42:05+00
- Next scan: 2021-05-08 09:51:00+00
- Merge requests: 5
- Debian changelog in Git:
bind9 (1:9.16.15-1) unstable; urgency=high
* New upstream version 9.16.15 (Closes: #987741, #987742, #987743)
+ CVE-2021-25214: A malformed incoming IXFR transfer could trigger an
assertion failure in ``named``, causing it to quit abnormally.
+ CVE-2021-25215: ``named`` crashed when a DNAME record placed in the
ANSWER section during DNAME chasing turned out to be the final
answer to a client query.
+ CVE-2021-25216: When a server's configuration set the
``tkey-gssapi-keytab`` or ``tkey-gssapi-credential`` option, a
specially crafted GSS-TSIG query could cause a buffer overflow in
the ISC implementation of SPNEGO (a protocol enabling negotiation of
the security mechanism used for GSSAPI authentication).
* Add patches to implement I-D draft-hardaker-dnsop-nsec3-guidance
-- Ondřej Surý <firstname.lastname@example.org> Thu, 29 Apr 2021 09:11:32 +0200
- This branch is even with tag debian/1%9.16.15-1