Next | Query returned 2 messages, browsing 1 to 10 | previous

History of commit frequency

CVS Commit History:


   2017-02-12 22:59:29 by S.P.Zeidler | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #5211 - requested by taca
net/bind99: security update

Revisions pulled up:
- net/bind99/Makefile                                           1.63
- net/bind99/distinfo                                           1.43

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Feb  9 00:50:15 UTC 2017

   Modified Files:
   	pkgsrc/net/bind99: Makefile distinfo

   Log message:
   Update bind99 to 9.9.9pl6 (BIND 9.9.9-P6).

   Security Fixes

        * If a server is configured with a response policy zone (RPZ) that
          rewrites an answer with local data, and is also configured for
          DNS64 address mapping, a NULL pointer can be read triggering a
          server crash. This flaw is disclosed in CVE-2017-3135. [RT #44434]
        * named could mishandle authority sections with missing RRSIGs,
          triggering an assertion failure. This flaw is disclosed in
          CVE-2016-9444. [RT #43632]
        * named mishandled some responses where covering RRSIG records were
          returned without the requested data, resulting in an assertion
          failure. This flaw is disclosed in CVE-2016-9147. [RT #43548]
        * named incorrectly tried to cache TKEY records which could trigger
          an assertion failure when there was a class mismatch. This flaw is
          disclosed in CVE-2016-9131. [RT #43522]
        * It was possible to trigger assertions when processing responses
          containing answers of type DNAME. This flaw is disclosed in
          CVE-2016-8864. [RT #43465]
        * It was possible to trigger an assertion when rendering a message
          using a specially crafted request. This flaw is disclosed in
          CVE-2016-2776. [RT #43139]
        * Calling getrrsetbyname() with a non- absolute name could trigger an
          infinite recursion bug in lwresd or named with lwres configured if,
          when combined with a search list entry from resolv.conf, the
          resulting name is too long. This flaw is disclosed in
          CVE-2016-2775. [RT #42694]

   Feature Changes

        * None.

   Porting Changes

        * None.

   Bug Fixes

        * A synthesized CNAME record appearing in a response before the
          associated DNAME could be cached, when it should not have been.
          This was a regression introduced while addressing CVE-2016-8864.
          [RT #44318]
        * Windows installs were failing due to triggering UAC without the
          installation binary being signed.
        * A race condition in rbt/rbtdb was leading to INSISTs being
          triggered.

   To generate a diff of this commit:
   cvs rdiff -u -r1.62 -r1.63 pkgsrc/net/bind99/Makefile
   cvs rdiff -u -r1.42 -r1.43 pkgsrc/net/bind99/distinfo
   2017-01-13 21:21:02 by Benny Siegert | Files touched by this commit (2)
Log message:
Pullup ticket #5190 - requested by taca
net/bind99: security fix

Revisions pulled up:
- net/bind99/Makefile                                           1.62
- net/bind99/distinfo                                           1.42

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Jan 12 00:05:46 UTC 2017

   Modified Files:
   	pkgsrc/net/bind99: Makefile distinfo

   Log message:
   Update bind99 to 9.9.9pl5 (BIND 9.9.9-P5), including security fixes.

   	--- 9.9.9-P5 released ---

   4530.	[bug]		Change 4489 broke the handling of CNAME -> DNAME
   			in responses resulting in SERVFAIL being returned.
   			[RT #43779]

   4528.	[bug]		Only set the flag bits for the i/o we are waiting
   			for on EPOLLERR or EPOLLHUP. [RT #43617]

   4519.	[port]		win32: handle ERROR_MORE_DATA. [RT #43534]

   4517.	[security]	Named could mishandle authority sections that were
   			missing RRSIGs triggering an assertion failure.
   			(CVE-2016-9444) [RT # 43632]

   4510.	[security]	Named mishandled some responses where covering RRSIG
   			records are returned without the requested data
   			resulting in a assertion failure. (CVE-2016-9147)
   			[RT #43548]

   4508.	[security]	Named incorrectly tried to cache TKEY records which
   			could trigger a assertion failure when there was
   			a class mismatch. (CVE-2016-9131) [RT #43522]

Next | Query returned 2 messages, browsing 1 to 10 | previous