[Git][security-tracker-team/security-tracker][master] Track fixed version for pdns-recursor issues via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jun 28 06:17:50 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c518c799 by Salvatore Bonaccorso at 2026-06-28T07:16:52+02:00
Track fixed version for pdns-recursor issues via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1716,37 +1716,37 @@ CVE-2026-40011 (An attacker sending a large number of crafted DNS queries might
 	NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html#cve-2026-40011-prometheus-denial-of-service-via-crafted-dns-queries
 CVE-2026-52690 (Spoofing replies to Recursor might mark an IP of an authoritative serv ...)
 	{DSA-6369-1}
-	- pdns-recursor <unfixed>
+	- pdns-recursor 5.4.3-1
 	[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
 	[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
 	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-52690-spoofed-answers-can-mark-an-authoritative-non-edns-capable
 CVE-2026-42387 (A malicious authoritative server can send a crafted zone via the ZoneT ...)
 	{DSA-6369-1}
-	- pdns-recursor <unfixed>
+	- pdns-recursor 5.4.3-1
 	[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
 	[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
 	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42387-insufficient-input-validation-in-zonetocache
 CVE-2026-42388 (Incomplete validation of the SOA record present in a catalog zone migh ...)
 	{DSA-6369-1}
-	- pdns-recursor <unfixed>
+	- pdns-recursor 5.4.3-1
 	[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
 	[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
 	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42388-missing-input-validation-for-catalog-zones
 CVE-2026-42389 (This fix provides extra hardening for the 5.4.x branch by doing extra  ...)
-	- pdns-recursor <unfixed>
+	- pdns-recursor 5.4.3-1
 	[trixie] - pdns-recursor <not-affected> (Vulnerable code not present, only affects 5.4.x)
 	[bookworm] - pdns-recursor <not-affected> (Vulnerable code not present, only affects 5.4.x)
 	[bullseye] - pdns-recursor <not-affected> (Vulnerable code not present, only affects 5.4.x)
 	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42389-reject-more-queries-with-invalid-header-values
 CVE-2026-42390 (An invalid zone might pass ZONEMD validation while it should not. This ...)
 	{DSA-6369-1}
-	- pdns-recursor <unfixed>
+	- pdns-recursor 5.4.3-1
 	[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
 	[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
 	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42390-zonemd-validation-can-be-bypassed
 CVE-2026-42005 (An attacker can send a web request that causes unlimited memory  alloc ...)
 	{DSA-6369-1 DSA-6368-1 DSA-6367-1}
-	- pdns-recursor 5.3.0-1
+	- pdns-recursor 5.4.3-1
 	[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
 	[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
 	- pdns 5.1.2-1
@@ -1762,13 +1762,13 @@ CVE-2026-42005 (An attacker can send a web request that causes unlimited memory
 	NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html#cve-2026-42005-insufficient-input-validation-of-internal-web-server
 CVE-2026-40012 (ECS zero scoped answers are stored in the packet cache while they shou ...)
 	{DSA-6369-1}
-	- pdns-recursor <unfixed>
+	- pdns-recursor 5.4.3-1
 	[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
 	[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
 	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-40012-information-about-ecs-zero-scoped-answers-might-leak-to-clients-that-use-a-specific-ecs
 CVE-2026-33612 (A malicious authoritative server can send a crafted zone via the ZoneT ...)
 	{DSA-6369-1}
-	- pdns-recursor <unfixed>
+	- pdns-recursor 5.4.3-1
 	[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
 	[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
 	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-3361-zonetocache-can-poison-the-cache



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c518c7990d6070262dbca4d0819844e67d3504cb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c518c7990d6070262dbca4d0819844e67d3504cb
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260628/9333a8e7/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list