[Git][security-tracker-team/security-tracker][master] new dnsdist issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jun 25 15:59:18 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a0a1c8c1 by Moritz Muehlenhoff at 2026-06-25T16:56:18+02:00
new dnsdist issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2026-40211
+	- dnsdist <unfixed>
+	[bookworm] - dnsdist <end-of-life> (See #1119290)
+	[bullseye] - dnsdist <end-of-life> (see #1119290)
+	NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html#cve-2026-40211-denial-of-service-via-crafted-doh3-queries
+CVE-2026-40210
+	- dnsdist <unfixed>
+	[bookworm] - dnsdist <end-of-life> (See #1119290)
+	[bullseye] - dnsdist <end-of-life> (see #1119290)
+	NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html#cve-2026-40210-out-of-bounds-read-in-setmacaddraction
+CVE-2026-40209
+	- dnsdist <unfixed>
+	[bookworm] - dnsdist <end-of-life> (See #1119290)
+	[bullseye] - dnsdist <end-of-life> (see #1119290)
+	NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html#cve-2026-40209-denial-of-service-via-ixfr-queries
+CVE-2026-40208
+	- dnsdist <unfixed>
+	[bookworm] - dnsdist <end-of-life> (See #1119290)
+	[bullseye] - dnsdist <end-of-life> (see #1119290)
+	NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html#cve-2026-40208-denial-of-service-via-doh3-queries
+CVE-2026-42004
+	- dnsdist <unfixed>
+	[bookworm] - dnsdist <end-of-life> (See #1119290)
+	[bullseye] - dnsdist <end-of-life> (see #1119290)
+	NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html#cve-2026-42004-edns-options-smuggling
+CVE-2026-40011
+	- dnsdist <unfixed>
+	[bookworm] - dnsdist <end-of-life> (See #1119290)
+	[bullseye] - dnsdist <end-of-life> (see #1119290)
+	NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html#cve-2026-40011-prometheus-denial-of-service-via-crafted-dns-queries
 CVE-2026-52690
 	- pdns-recursor <unfixed>
 	[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
@@ -31,10 +61,14 @@ CVE-2026-42005
 	- pdns <unfixed>
 	[bookworm] - pdns <end-of-life> (See #1119290)
 	[bullseye] - pdns <end-of-life> (see DLA 4471)
+	- dnsdist <unfixed>
+	[bookworm] - dnsdist <end-of-life> (See #1119290)
+	[bullseye] - dnsdist <end-of-life> (see #1119290)
 	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42005-unbounded-resource-consumption-in-internal-webserver
-	NOTE: Only affects 5.2.x, marking first 5.3 upload as fixed version
+	NOTE: Only affects pdns-rec 5.2.x, marking first 5.3 upload as fixed version
 	NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-07.html
 	NOTE: https://github.com/PowerDNS/pdns/commit/11e4f2da8259e5070e7a193f48d23ade38b71dc0
+	NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html#cve-2026-42005-insufficient-input-validation-of-internal-web-server
 CVE-2026-40012
 	- pdns-recursor <unfixed>
 	[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)


=====================================
data/dsa-needed.txt
=====================================
@@ -21,6 +21,8 @@ containerd
 --
 cups
 --
+dnsdist (jmm)
+--
 dulwich
 --
 erlang



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0a1c8c1ebda8e91dc5552166af0845563851d8c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0a1c8c1ebda8e91dc5552166af0845563851d8c
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260625/a12cb40a/attachment.htm>


More information about the debian-security-tracker-commits mailing list