Path to this page:
Subject: CVS commit: [pkgsrc-2020Q1] pkgsrc/net/bind914
From: Benny Siegert
Date: 2020-05-20 21:42:25
Message id: 20200520194225.C7C75FB27@cvs.NetBSD.org
Log Message:
Pullup ticket #6209 - requested by taca
net/bind914: security fix
Revisions pulled up:
- net/bind914/Makefile 1.21
- net/bind914/distinfo 1.15
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 10:23:04 UTC 2020
Modified Files:
pkgsrc/net/bind914: Makefile distinfo
Log Message:
net/bind914: update to 9.14.12
Update bind914 to 9.14.12 (BIND 9.14.12).
Note from release announce:
BIND 9.14.12 is the final planned release in the now End-of-Life (EOL)
9.14 branch.
--- 9.14.12 released ---
5395. [security] Further limit the number of queries that can be
triggered from a request. Root and TLD servers
are no longer exempt from max-recursion-queries.
Fetches for missing name server address records
are limited to 4 for any domain. (CVE-2020-8616)
[GL #1388]
5390. [security] Replaying a TSIG BADTIME response as a request could
trigger an assertion failure. (CVE-2020-8617)
[GL #1703]
5376. [bug] Fix ineffective DNS rebinding protection when BIND is
configured as a forwarding DNS server. Thanks to Tobias
Klein. [GL #1574]
5358. [bug] Inline master zones whose master files were touched
but otherwise unchanged and were subsequently reloaded
may have stopped re-signing. [GL !3135]
5357. [bug] Newly added RRSIG records with expiry times before
the previous earliest expiry times might not be
re-signed in time. This was a side effect of 5315.
[GL !3137]
Files: