[Git][security-tracker-team/security-tracker][master] Track fixed version for pdns-recursor issues via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Jun 28 06:17:50 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c518c799 by Salvatore Bonaccorso at 2026-06-28T07:16:52+02:00
Track fixed version for pdns-recursor issues via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1716,37 +1716,37 @@ CVE-2026-40011 (An attacker sending a large number of crafted DNS queries might
NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html#cve-2026-40011-prometheus-denial-of-service-via-crafted-dns-queries
CVE-2026-52690 (Spoofing replies to Recursor might mark an IP of an authoritative serv ...)
{DSA-6369-1}
- - pdns-recursor <unfixed>
+ - pdns-recursor 5.4.3-1
[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-52690-spoofed-answers-can-mark-an-authoritative-non-edns-capable
CVE-2026-42387 (A malicious authoritative server can send a crafted zone via the ZoneT ...)
{DSA-6369-1}
- - pdns-recursor <unfixed>
+ - pdns-recursor 5.4.3-1
[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42387-insufficient-input-validation-in-zonetocache
CVE-2026-42388 (Incomplete validation of the SOA record present in a catalog zone migh ...)
{DSA-6369-1}
- - pdns-recursor <unfixed>
+ - pdns-recursor 5.4.3-1
[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42388-missing-input-validation-for-catalog-zones
CVE-2026-42389 (This fix provides extra hardening for the 5.4.x branch by doing extra ...)
- - pdns-recursor <unfixed>
+ - pdns-recursor 5.4.3-1
[trixie] - pdns-recursor <not-affected> (Vulnerable code not present, only affects 5.4.x)
[bookworm] - pdns-recursor <not-affected> (Vulnerable code not present, only affects 5.4.x)
[bullseye] - pdns-recursor <not-affected> (Vulnerable code not present, only affects 5.4.x)
NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42389-reject-more-queries-with-invalid-header-values
CVE-2026-42390 (An invalid zone might pass ZONEMD validation while it should not. This ...)
{DSA-6369-1}
- - pdns-recursor <unfixed>
+ - pdns-recursor 5.4.3-1
[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42390-zonemd-validation-can-be-bypassed
CVE-2026-42005 (An attacker can send a web request that causes unlimited memory alloc ...)
{DSA-6369-1 DSA-6368-1 DSA-6367-1}
- - pdns-recursor 5.3.0-1
+ - pdns-recursor 5.4.3-1
[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
- pdns 5.1.2-1
@@ -1762,13 +1762,13 @@ CVE-2026-42005 (An attacker can send a web request that causes unlimited memory
NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html#cve-2026-42005-insufficient-input-validation-of-internal-web-server
CVE-2026-40012 (ECS zero scoped answers are stored in the packet cache while they shou ...)
{DSA-6369-1}
- - pdns-recursor <unfixed>
+ - pdns-recursor 5.4.3-1
[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-40012-information-about-ecs-zero-scoped-answers-might-leak-to-clients-that-use-a-specific-ecs
CVE-2026-33612 (A malicious authoritative server can send a crafted zone via the ZoneT ...)
{DSA-6369-1}
- - pdns-recursor <unfixed>
+ - pdns-recursor 5.4.3-1
[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-3361-zonetocache-can-poison-the-cache
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c518c7990d6070262dbca4d0819844e67d3504cb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c518c7990d6070262dbca4d0819844e67d3504cb
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260628/9333a8e7/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list