[Git][security-tracker-team/security-tracker][master] Track fixed version for bind9 issues via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 21 14:09:19 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f9b22050 by Salvatore Bonaccorso at 2022-09-21T15:08:13+02:00
Track fixed version for bind9 issues via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4839,7 +4839,7 @@ CVE-2022-3081
RESERVED
CVE-2022-3080 [BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly]
RESERVED
- - bind9 <unfixed>
+ - bind9 1:9.18.7-1
NOTE: https://kb.isc.org/docs/cve-2022-3080
NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/b9e2f3333d0d29deb3ef932aa7aeb28086f153bd (v9_18_7)
NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/3f68e2ad838b3c12a725ccb1082a54b0e8b69562 (v9_16_33)
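Review bot: The last two NOTE lines of the CVE-2022-3080 entry record upstream fixes for both v9_18_7 and v9_16_33, but the changed line only sets the unstable version and the visible lines carry no per-release annotation. If a 9.16-based package is tracked in a stable release, a follow-up should add a [bullseye]/[buster] line in the form used under CVE-2022-2906 once its status is settled, so that the 9.16 fix commit is tied to a package version.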
@@ -6737,7 +6737,7 @@ CVE-2022-2907
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2906 [Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs]
RESERVED
- - bind9 <unfixed>
+ - bind9 1:9.18.7-1
[bullseye] - bind9 <not-affected> (Vulnerable code introduced later)
[buster] - bind9 <not-affected> (Vulnerable code introduced later)
NOTE: https://kb.isc.org/docs/cve-2022-2906
@@ -6962,7 +6962,7 @@ CVE-2022-2882
RESERVED
CVE-2022-2881 [Buffer overread in statistics channel code]
RESERVED
- - bind9 <unfixed>
+ - bind9 1:9.18.7-1
NOTE: https://kb.isc.org/docs/cve-2022-2881
NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/13333db69f9b9710a98c86f44276e01e95420fa0 (v9_18_7)
TODO: check, why this does not affect versions prior to 9.18.
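Review bot: The trailing TODO ("check, why this does not affect versions prior to 9.18.") on CVE-2022-2881 is still open, while the changed line now records 1:9.18.7-1 as the fix and only a v9_18_7 commit is referenced. Unlike CVE-2022-2906, the visible lines have no [bullseye]/[buster] <not-affected> entries. Either resolve the TODO and add those lines with the reason, or keep the TODO so that older releases are not read as confirmed unaffected.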
@@ -7642,7 +7642,7 @@ CVE-2022-38179 (JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File D
NOT-FOR-US: JetBrains Ktor
CVE-2022-38178 [Memory leaks in EdDSA DNSSEC verification code]
RESERVED
- - bind9 <unfixed>
+ - bind9 1:9.18.7-1
NOTE: https://kb.isc.org/docs/cve-2022-38178
NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/7c0028cfad2ae5fdf82c4d02d3b8b3a1e96dc6ec (v9_18_7)
NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/1af23378ebb11da2eb0f412e4563d6c4165fbd3d (v9_16_33)
@@ -7680,7 +7680,7 @@ CVE-2022-2796 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
NOT-FOR-US: pimcore
CVE-2022-2795 [Processing large delegations may severely degrade resolver performance]
RESERVED
- - bind9 <unfixed>
+ - bind9 1:9.18.7-1
NOTE: https://kb.isc.org/docs/cve-2022-2795
NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/e2014ba9e3b4236b0384ba17abfb2c9a155412f6 (v9_18_7)
NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/bf2ea6d8525bfd96a84dad221ba9e004adb710a8 (v9_16_33)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9b220503c26ec8bcc7d282780bf1dbae8f00d0f