[Git][security-tracker-team/security-tracker][master] Reserve DSA number for bind9 update

Fri Mar 27 22:35:04 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c204436c by Salvatore Bonaccorso at 2026-03-27T23:34:37+01:00
Reserve DSA number for bind9 update

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1424,6 +1424,7 @@ CVE-2026-1519 (If a BIND resolver is performing DNSSEC validation and encounters
 	NOTE: https://gitlab.isc.org/isc-projects/bind9/-/commit/ef01ff31db4be0d737949fd785fa52c491041eb4 (v9.20.21)
 CVE-2026-3104 (A specially crafted domain can be used to cause a memory leak in a BIN ...)
 	- bind9 1:9.20.21-1
+	[trixie] - bind9 1:9.20.21-1~deb13u1
 	[bookworm] - bind9 <not-affected> (Vulnerable code not present)
 	[bullseye] - bind9 <not-affected> (Vulnerable code not present)
 	NOTE: https://kb.isc.org/docs/cve-2026-3104
@@ -1431,6 +1432,7 @@ CVE-2026-3104 (A specially crafted domain can be used to cause a memory leak in
 	NOTE: https://gitlab.isc.org/isc-projects/bind9/-/commit/5f15df5c53a445846083c46a9437910f8f6c3127 (v9.20.21)
 CVE-2026-3119 (Under certain conditions, `named` may crash when processing a correctl ...)
 	- bind9 1:9.20.21-1
+	[trixie] - bind9 1:9.20.21-1~deb13u1
 	[bookworm] - bind9 <not-affected> (Vulnerable code not present)
 	[bullseye] - bind9 <not-affected> (Vulnerable code not present)
 	NOTE: https://kb.isc.org/docs/cve-2026-3119
@@ -1438,6 +1440,7 @@ CVE-2026-3119 (Under certain conditions, `named` may crash when processing a cor
 	NOTE: https://gitlab.isc.org/isc-projects/bind9/-/commit/163db61ebdae99894b83dbbb9bcea0485a3bc7ee (v9.20.21)
 CVE-2026-3591 (A use-after-return vulnerability exists in the `named` server when han ...)
 	- bind9 1:9.20.21-1
+	[trixie] - bind9 1:9.20.21-1~deb13u1
 	[bookworm] - bind9 <not-affected> (Vulnerable code not present)
 	[bullseye] - bind9 <not-affected> (Vulnerable code not present)
 	NOTE: https://kb.isc.org/docs/cve-2026-3591


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[27 Mar 2026] DSA-6181-1 bind9 - security update
+	{CVE-2026-1519}
+	[bookworm] - bind9 1:9.18.47-1~deb12u1
+	[trixie] - bind9 1:9.20.21-1~deb13u1
 [26 Mar 2026] DSA-6180-1 ruby-rack - security update
 	{CVE-2026-22860 CVE-2026-25500}
 	[bookworm] - ruby-rack 2.2.22-0+deb12u1


=====================================
data/dsa-needed.txt
=====================================
@@ -15,9 +15,6 @@ If needed, specify the release by adding a slash after the name of the source pa
 amd64-microcode (carnil)
   Coordinating with maintainer DSA/bookworm-pu and sync with mitgations in src:linux
 --
-bind9 (carnil)
-  Maintainer prepared an update
---
 ceph
  for CVE-2024-47866, rest harmless
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c204436c5ccb12c69496347145cf613dc076a347

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c204436c5ccb12c69496347145cf613dc076a347
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260327/68a18181/attachment-0001.htm>
