[Git][security-tracker-team/security-tracker][master] new unbound issues
Moritz Muehlenhoff
jmm at debian.org
Tue Apr 27 11:03:28 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
81443867 by Moritz Muehlenhoff at 2021-04-27T12:02:07+02:00
new unbound issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -25,29 +25,41 @@ CVE-2021-31817
CVE-2021-31816
RESERVED
CVE-2019-25042 (Unbound before 1.9.5 allows an out-of-bounds write via a compressed na ...)
- TODO: check
+ - unbound 1.9.6-1
+ NOTE: https://github.com/NLnetLabs/unbound/commit/6c3a0b54ed8ace93d5b5ca7b8078dc87e75cd640
CVE-2019-25041 (Unbound before 1.9.5 allows an assertion failure via a compressed name ...)
- TODO: check
+ - unbound 1.9.6-1
+ NOTE: https://github.com/NLnetLabs/unbound/commit/2d444a5037acff6024630b88092d9188f2f5d8fe
CVE-2019-25040 (Unbound before 1.9.5 allows an infinite loop via a compressed name in ...)
- TODO: check
+ - unbound 1.9.6-1
+ NOTE: https://github.com/NLnetLabs/unbound/commit/2d444a5037acff6024630b88092d9188f2f5d8fe
CVE-2019-25039 (Unbound before 1.9.5 allows an integer overflow in a size calculation ...)
- TODO: check
+ - unbound 1.9.6-1
+ NOTE: https://github.com/NLnetLabs/unbound/commit/02080f6b180232f43b77f403d0c038e9360a460f
CVE-2019-25038 (Unbound before 1.9.5 allows an integer overflow in a size calculation ...)
- TODO: check
+ - unbound 1.9.6-1
+ NOTE: https://github.com/NLnetLabs/unbound/commit/02080f6b180232f43b77f403d0c038e9360a460f
CVE-2019-25037 (Unbound before 1.9.5 allows an assertion failure and denial of service ...)
- TODO: check
+ - unbound 1.9.6-1
+ NOTE: https://github.com/NLnetLabs/unbound/commit/d2eb78e871153f22332d30c6647f3815148f21e5
CVE-2019-25036 (Unbound before 1.9.5 allows an assertion failure and denial of service ...)
- TODO: check
+ - unbound 1.9.6-1
+ NOTE: https://github.com/NLnetLabs/unbound/commit/f5e06689d193619c57c33270c83f5e40781a261d
CVE-2019-25035 (Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token ...)
- TODO: check
+ - unbound 1.9.6-1
+ NOTE: https://github.com/NLnetLabs/unbound/commit/fa23ee8f31ba9a018c720ea822faaee639dc7a9c
CVE-2019-25034 (Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dnam ...)
- TODO: check
+ - unbound 1.9.6-1
+ NOTE: https://github.com/NLnetLabs/unbound/commit/a3545867fcdec50307c776ce0af28d07046a52dd
CVE-2019-25033 (Unbound before 1.9.5 allows an integer overflow in the regional alloca ...)
- TODO: check
+ - unbound 1.9.6-1
+ NOTE: https://github.com/NLnetLabs/unbound/commit/226298bbd36f1f0fd9608e98c2ae85988b7bbdb8
CVE-2019-25032 (Unbound before 1.9.5 allows an integer overflow in the regional alloca ...)
- TODO: check
+ - unbound 1.9.6-1
+ NOTE: https://github.com/NLnetLabs/unbound/commit/226298bbd36f1f0fd9608e98c2ae85988b7bbdb8
CVE-2019-25031 (Unbound before 1.9.5 allows configuration injection in create_unbound_ ...)
- TODO: check
+ - unbound 1.9.6-1
+ NOTE: https://github.com/NLnetLabs/unbound/commit/f887552763477a606a9608b0f6b498685e0f6587
CVE-2021-3513
NOT-FOR-US: Keycloak
CVE-2021-31815
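Review bot: The twelve CVE-2019-250xx entries are recorded as fixed in "unbound 1.9.6-1", while every description in this hunk reads "Unbound before 1.9.5". If 1.9.6-1 is the first Debian upload that carries the upstream fixes, a one-line NOTE saying so on these entries would explain the gap between the two version numbers. Three pairs of entries also reference the same upstream commit (CVE-2019-25041 with CVE-2019-25040, CVE-2019-25039 with CVE-2019-25038, CVE-2019-25033 with CVE-2019-25032); please confirm each pair is intentionally mapped to a single commit and not a copy of the neighbouring line.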
@@ -106092,11 +106104,13 @@ CVE-2019-18936 (UniValue::read() in UniValue before 1.0.5 allow attackers to cau
CVE-2019-18935 (Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .N ...)
NOT-FOR-US: Progress Telerik UI for ASP.NET AJAX
CVE-2019-18934 (Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec modul ...)
- - unbound <unfixed> (unimportant)
+ - unbound 1.9.6-1 (unimportant)
[stretch] - unbound <not-affected> (ipsecmod module introduced later)
[jessie] - unbound <not-affected> (ipsecmod module introduced later)
NOTE: Debian binary packages not built with --enable-ipsecmod
NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt
+ NOTE: https://github.com/NLnetLabs/unbound/commit/09845779d5f2c96e3064ff398cad65c08357cfbf
+ NOTE: https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
CVE-2019-18933 (In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new ...)
- zulip-server <itp> (bug #800052)
CVE-2019-18932 (log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows ...)
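Review bot: The ostif.org NOTE added to CVE-2019-18934 is, going by its URL, the full-results page for the whole audit, and nothing in the entry says which finding it corresponds to or how it relates to the nlnetlabs.nl advisory already listed above it. A short label in front of the URL naming it as the audit report would make the reference easier to use. The same link is not attached to the CVE-2019-250xx entries changed earlier in this commit, so if those also come from that audit the reference should be added there for consistency.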
@@ -114921,6 +114935,8 @@ CVE-2019-16866 (Unbound before 1.9.4 accesses uninitialized memory, which allows
[jessie] - unbound <not-affected> (Vulnerable code introduced in 1.7.1)
NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt
NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2019-16866.diff
+ NOTE: https://github.com/NLnetLabs/unbound/commit/b60c4a472c856f0a98120b7259e991b3a6507eb5
+ NOTE: https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
CVE-2015-9449 (The microblog-poster plugin before 1.6.2 for WordPress has SQL Injecti ...)
NOT-FOR-US: microblog-poster plugin for WordPress
CVE-2015-9448 (The sendpress plugin before 1.2 for WordPress has SQL Injection via th ...)
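Review bot: The new commit link for CVE-2019-16866 sits directly under the existing "NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2019-16866.diff" line but has no prefix of its own, so the entry now carries two fix references without saying whether they are the same change. Adding a prefix in the style of the existing "Patch:" line would make it clear that the GitHub commit is the upstream form of that patch, if that is the case.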
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/814438678530ec6449a91c3cd26d6bcc700b2b5a