[Git][security-tracker-team/security-tracker][master] knot-resolver DSA

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b864b19c by Moritz Mühlenhoff at 2024-02-27T22:26:07+01:00
knot-resolver DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3445,6 +3445,7 @@ CVE-2023-50387 (Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4
 	- bind9 1:9.19.21-1
 	- dnsmasq 2.90-1
 	- knot-resolver 5.7.1-1
+	[bullseye] - knot-resolver <ignored> (Too intrusive to backport, if DNSSEC is used Bookworm can be used)
 	- pdns-recursor 4.9.3-1 (bug #1063852)
 	- unbound 1.19.1-1 (bug #1063845)
 	- systemd <unfixed>
@@ -3472,6 +3473,7 @@ CVE-2023-50868 (The Closest Encloser Proof aspect of the DNS protocol (in RFC 51
 	- bind9 1:9.19.21-1
 	- dnsmasq 2.90-1
 	- knot-resolver 5.7.1-1
+	[bullseye] - knot-resolver <ignored> (Too intrusive to backport, if DNSSEC is used Bookworm can be used)
 	- pdns-recursor 4.9.3-1 (bug #1063852)
 	- unbound 1.19.1-1 (bug #1063845)
 	- systemd <unfixed>
@@ -24037,7 +24039,6 @@ CVE-2023-46319 (WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows un
 	NOT-FOR-US: WALLIX Bastion
 CVE-2023-46317 (Knot Resolver before 5.7.0 performs many TCP reconnections upon receiv ...)
 	- knot-resolver 5.7.0-1
-	[bookworm] - knot-resolver <no-dsa> (Minor issue)
 	[bullseye] - knot-resolver <no-dsa> (Minor issue)
 	NOTE: https://www.knot-resolver.cz/2023-08-22-knot-resolver-5.7.0.html
 	NOTE: https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1448


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Feb 2024] DSA-5633-1 knot-resolver - security update
+	{CVE-2023-46317 CVE-2023-50387 CVE-2023-50868}
+	[bookworm] - knot-resolver 5.6.0-1+deb12u1
 [26 Feb 2024] DSA-5632-1 composer - security update
 	{CVE-2024-24821}
 	[bullseye] - composer 2.0.9-2+deb11u2


=====================================
data/dsa-needed.txt
=====================================
@@ -30,8 +30,6 @@ gtkwave
 --
 h2o (jmm)
 --
-knot-resolver (jmm)
---
 libreswan (jmm)
   Maintainer prepared bookworm-security update, but needs work on bullseye-security backports
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b864b19c2f4800fb8ab92c576e94855eccfb4cb9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b864b19c2f4800fb8ab92c576e94855eccfb4cb9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240227/550cd92a/attachment-0001.htm>