| Message ID | 1453465691-24718-1-git-send-email-gustavo@zacarias.com.ar |
|---|---|
| State | Accepted |
| Commit | 0a7cea9b80cffc0c0c16f5b59980518362b7b154 |
| Headers | show |
>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes: > Fixes: > CVE-2015-8704 - apl_42.c in ISC BIND 9.x before 9.9.8-P3 and 9.9.x and > 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a > denial of service (INSIST assertion failure and daemon exit) via a > malformed Address Prefix List (APL) record. > CVE-2015-8705 - buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, > when debug logging is enabled, allows remote attackers to cause a denial > of service (REQUIRE assertion failure and daemon exit, or daemon crash) > or possibly have unspecified other impact via (1) OPT data or (2) an ECS > option. > Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Committed, thanks.
diff --git a/package/bind/bind.hash b/package/bind/bind.hash index ae71bd1..fea800c 100644 --- a/package/bind/bind.hash +++ b/package/bind/bind.hash @@ -1,2 +1,2 @@ -# Verified from ftp://ftp.isc.org/isc/bind9/9.10.3-P2/bind-9.10.3-P2.tar.gz.sha256.asc -sha256 4a6c1911ac0d4b6be635b63de3429b6c168ea244043f12bbc8a4eb3368fd6ecd bind-9.10.3-P2.tar.gz +# Verified from ftp://ftp.isc.org/isc/bind9/9.10.3-P3/bind-9.10.3-P3.tar.gz.sha256.asc +sha256 690810d1fbb72afa629e74638d19cd44e28d2b2e5eb63f55c705ad85d1a4cb83 bind-9.10.3-P3.tar.gz diff --git a/package/bind/bind.mk b/package/bind/bind.mk index f74774b..a5b571a 100644 --- a/package/bind/bind.mk +++ b/package/bind/bind.mk @@ -4,7 +4,7 @@ # ################################################################################ -BIND_VERSION = 9.10.3-P2 +BIND_VERSION = 9.10.3-P3 BIND_SITE = ftp://ftp.isc.org/isc/bind9/$(BIND_VERSION) BIND_INSTALL_STAGING = YES BIND_CONFIG_SCRIPTS = bind9-config isc-config.sh
Fixes: CVE-2015-8704 - apl_42.c in ISC BIND 9.x before 9.9.8-P3 and 9.9.x and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. CVE-2015-8705 - buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> --- package/bind/bind.hash | 4 ++-- package/bind/bind.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-)