[Git][security-tracker-team/security-tracker][master] new pdns-rec issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jun 25 14:18:56 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4a7d47fc by Moritz Muehlenhoff at 2026-06-25T15:18:29+02:00
new pdns-rec issues
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,50 @@
+CVE-2026-52690
+ - pdns-recursor <unfixed>
+ [bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
+ [bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
+ NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-52690-spoofed-answers-can-mark-an-authoritative-non-edns-capable
+CVE-2026-42387
+ - pdns-recursor <unfixed>
+ [bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
+ [bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
+ NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42387-insufficient-input-validation-in-zonetocache
+CVE-2026-42388
+ - pdns-recursor <unfixed>
+ [bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
+ [bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
+ NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42388-missing-input-validation-for-catalog-zones
+CVE-2026-42389
+ - pdns-recursor <unfixed>
+ [trixie] - pdns-recursor <not-affected> (Vulnerable code not present, only affects 5.4.x)
+ [bookworm] - pdns-recursor <not-affected> (Vulnerable code not present, only affects 5.4.x)
+ [bullseye] - pdns-recursor <not-affected> (Vulnerable code not present, only affects 5.4.x)
+ NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42389-reject-more-queries-with-invalid-header-values
+CVE-2026-42390
+ - pdns-recursor <unfixed>
+ [bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
+ [bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
+ NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42390-zonemd-validation-can-be-bypassed
CVE-2026-42005
+ - pdns-recursor 5.3.0-1
+ [bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
+ [bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
- pdns <unfixed>
[bookworm] - pdns <end-of-life> (See #1119290)
[bullseye] - pdns <end-of-life> (see DLA 4471)
+ NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42005-unbounded-resource-consumption-in-internal-webserver
+ NOTE: Only affects 5.2.x, marking first 5.3 upload as fixed version
NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-07.html
NOTE: https://github.com/PowerDNS/pdns/commit/11e4f2da8259e5070e7a193f48d23ade38b71dc0
+CVE-2026-40012
+ - pdns-recursor <unfixed>
+ [bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
+ [bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
+ NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-40012-information-about-ecs-zero-scoped-answers-might-leak-to-clients-that-use-a-specific-ecs
+CVE-2026-33612
+ - pdns-recursor <unfixed>
+ [bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
+ [bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
+ NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-3361-zonetocache-can-poison-the-cache
CVE-2026-53276 [Bluetooth: ISO: Fix a use-after-free of the hci_conn pointer]
- linux 7.0.13-1
[trixie] - linux <not-affected> (Vulnerable code not present)
=====================================
data/dsa-needed.txt
=====================================
@@ -67,6 +67,8 @@ pdfminer (carnil)
--
pdns (jmm)
--
+pdns-recursor (jmm)
+--
perl (carnil)
Comment from maintainer: I'd prefer to wait until upstream gets the point releases out
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a7d47fc0b30aa0ae9a6afc5835aba21afeab48b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a7d47fc0b30aa0ae9a6afc5835aba21afeab48b
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260625/21d4fb0a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list