[pkg-go] Bug#888777: Bug#888777: golang-github-miekg-dns: CVE-2017-15133
Michael Stapelberg
stapelberg at debian.org
Mon Jan 29 20:48:56 UTC 2018
After fixing this bug, we’ll need to rebuild the following binaries:
golang-github-hashicorp-consul-dev
golang-github-hashicorp-mdns-dev
golang-github-xenolf-lego-dev
docker.io
prometheus-blackbox-exporter
coyim
rawdns
goiardi
prometheus
dnss
kubernetes-client
golang-dns-dev
golang-github-hashicorp-memberlist-dev
golang-github-skynetservices-skydns-dev
On Mon, Jan 29, 2018 at 8:57 PM, Salvatore Bonaccorso <carnil at debian.org>
wrote:
> Source: golang-github-miekg-dns
> Version: 0.0~git20161018.0.58f52c5-1
> Severity: important
> Tags: patch security upstream
>
> Hi,
>
> the following vulnerability was published for golang-github-miekg-dns.
>
> CVE-2017-15133[0]:
> | A denial of service flaw was found in miekg-dns before 1.0.4. A remote
> | attacker could use carefully timed TCP packets to block the DNS server
> | from accepting new connections.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2017-15133
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15133
> [1] https://github.com/miekg/dns/issues/627
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
> Salvatore
>
> _______________________________________________
> Pkg-go-maintainers mailing list
> Pkg-go-maintainers at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-go-maintainers
>
--
Best regards,
Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-go-maintainers/attachments/20180129/c12469a2/attachment.html>
More information about the Pkg-go-maintainers
mailing list