Bug#1059278: systemd: CVE-2023-7008

Luca Boccassi bluca at debian.org
Fri Dec 22 12:17:47 GMT 2023


Control: tags -1 minor

On Fri, 22 Dec 2023 13:09:50 +0100 Moritz Mühlenhoff
<jmm at inutil.org> wrote:
> Source: systemd
> X-Debbugs-CC: team at security.debian.org
> Severity: important
> Tags: security
> 
> Hi,
> 
> The following vulnerability was published for systemd.
> 
> CVE-2023-7008[0]:
> Unsigned name response in signed zone is not refused when DNSSEC=yes
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=2222672
> https://github.com/systemd/systemd/issues/25676
> 
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2023-7008
>     https://www.cve.org/CVERecord?id=CVE-2023-7008
> 
> Please adjust the affected versions in the BTS as needed.

This is minor at best, as we don't ship this as enabled anywhere, it's
disabled by default. The CVE was also raised behind our backs, with no
engagement whatsoever, so there is some glaring and major process
problem that I am trying to get to the bottom of.

-- 
Kind regards,
Luca Boccassi


