[Git][security-tracker-team/security-tracker][master] lts: triage pdns issues as EOL

[Emilio Pozuelo Monfort (@pochu)]

Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b10abf6f by Emilio Pozuelo Monfort at 2026-04-24T16:13:07+02:00
lts: triage pdns issues as EOL

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1043,15 +1043,19 @@ CVE-2026-34413 (Xerte Online Toolkits versions 3.15 and earlier contain a missin
 	NOT-FOR-US: Xerte Online Toolkits
 CVE-2026-33611 (An operator allowed to use the REST API can cause the Authoritative se ...)
 	- pdns <unfixed>
+	[bullseye] - pdns <end-of-life> (see DLA 4471)
 	NOTE: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html#insufficient-validation-of-https-and-svcb-records
 CVE-2026-33610 (A rogue primary server may cause file descriptor exhaustion and eventu ...)
 	- pdns <unfixed>
+	[bullseye] - pdns <end-of-life> (see DLA 4471)
 	NOTE: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html#possible-file-descriptor-exhaustion-in-forward-dnsupdate
 CVE-2026-33609 (Incomplete escaping of LDAP queries when running with 8bit-dns enabled ...)
 	- pdns <unfixed>
+	[bullseye] - pdns <end-of-life> (see DLA 4471)
 	NOTE: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html#ldap-dn-injection
 CVE-2026-33608 (An attacker can send a notify request that causes a new secondary doma ...)
 	- pdns <unfixed>
+	[bullseye] - pdns <end-of-life> (see DLA 4471)
 	NOTE: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html#incomplete-domain-name-sanitization-during-bind-autosecondary-zone-transfer
 CVE-2026-33601 (If you use the zoneToCache function with a malicious authoritative ser ...)
 	- pdns-recursor 5.4.1-1
@@ -1619,6 +1623,7 @@ CVE-2026-33257 (An attacker can send a web request that causes unlimited memory
 	[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
 	[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
 	- pdns <unfixed>
+	[bullseye] - pdns <end-of-life> (see DLA 4471)
 	NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html#cve-2026-33257-insufficient-input-validation-of-internal-webserver
 	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-03.html#cve-2026-33257-insufficient-input-validation-of-internal-web-server
 	NOTE: According to the advisory affects only PowerDNS Recursor up to and including 5.2.8,
@@ -1632,6 +1637,7 @@ CVE-2026-33260 (An attacker can send a web request that causes unlimited memory
 	[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
 	[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
 	- pdns <unfixed>
+	[bullseye] - pdns <end-of-life> (see DLA 4471)
 	NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html#cve-2026-33260-insufficient-input-validation-of-internal-webserver
 	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-03.html#cve-2026-33260-insufficient-input-validation-of-internal-web-server
 	NOTE: According to the advisory affects only PowerDNS Recursor up to and including 5.2.8,



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b10abf6f9f830a567a33cb7fa17dc0af57431dec

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b10abf6f9f830a567a33cb7fa17dc0af57431dec
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260424/e2656e88/attachment-0001.htm>