Message ID | 20211030173554.20086-1-peter@korsgaard.com |
---|---|
State | Accepted |
Headers | show |
Series | package/bind: security bump to version 9.11.36 | expand |
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes: > Fixes the following security issues: > - CVE-2021-25219: Lame cache can be abused to severely degrade resolver > performance > For details, see the advisory: > https://kb.isc.org/docs/cve-2021-25219 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Committed, thanks.
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes: > Fixes the following security issues: > - CVE-2021-25219: Lame cache can be abused to severely degrade resolver > performance > For details, see the advisory: > https://kb.isc.org/docs/cve-2021-25219 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Committed to 2021.02.x and 2021.08.x, thanks.
diff --git a/package/bind/bind.hash b/package/bind/bind.hash index 12b80149c5..70299f1677 100644 --- a/package/bind/bind.hash +++ b/package/bind/bind.hash @@ -1,4 +1,4 @@ -# Verified from https://ftp.isc.org/isc/bind9/9.11.35/bind-9.11.35.tar.gz.asc -# with key E9AB6E79233C0416E8993F450C03AFA90A5967C4 -sha256 1c882705827b6aafa45d917ae3b20eccccc8d5df3c4477df44b04382e6c47562 bind-9.11.35.tar.gz +# Verified from https://ftp.isc.org/isc/bind9/9.11.36/bind-9.11.36.tar.gz.asc +# with key AADBBA5074F1402F7B69D56BC5B4EE931A9F9DFD +sha256 c953fcb6703b395aaa53e65ff8b2869b69a5303dd60507cba2201305e1811681 bind-9.11.36.tar.gz sha256 cad49daa42654bc241762cd998630168a2542c8fd6fad3881e2eac1510bb6fcd COPYRIGHT diff --git a/package/bind/bind.mk b/package/bind/bind.mk index 0d95da209c..ba32d6150a 100644 --- a/package/bind/bind.mk +++ b/package/bind/bind.mk @@ -4,7 +4,7 @@ # ################################################################################ -BIND_VERSION = 9.11.35 +BIND_VERSION = 9.11.36 BIND_SITE = https://ftp.isc.org/isc/bind9/$(BIND_VERSION) # bind does not support parallel builds. BIND_MAKE = $(MAKE1)
Fixes the following security issues: - CVE-2021-25219: Lame cache can be abused to severely degrade resolver performance For details, see the advisory: https://kb.isc.org/docs/cve-2021-25219 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> --- package/bind/bind.hash | 6 +++--- package/bind/bind.mk | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-)