diff mbox series

[1/1] package/bind: security bump to version 9.16.33

Message ID 20221001212114.11912-1-fontaine.fabrice@gmail.com
State Accepted
Headers show
Series [1/1] package/bind: security bump to version 9.16.33 | expand

Commit Message

Fabrice Fontaine Oct. 1, 2022, 9:21 p.m. UTC 
- Fix memory leak in EdDSA verify processing. (CVE-2022-38178)
- Fix memory leak in ECDSA verify processing. (CVE-2022-38177)
- Fix serve-stale crash that could happen when
  stale-answer-client-timeout was set to 0 and there was a stale CNAME
  in the cache for an incoming query. (CVE-2022-3080)
- Prevent excessive resource use while processing large delegations.
  (CVE-2022-2795)

https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_16_33/CHANGES

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/bind/bind.hash | 4 ++--
 package/bind/bind.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

Comments

Peter Korsgaard Oct. 14, 2022, 2:09 p.m. UTC | #1 
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > - Fix memory leak in EdDSA verify processing. (CVE-2022-38178)
 > - Fix memory leak in ECDSA verify processing. (CVE-2022-38177)
 > - Fix serve-stale crash that could happen when
 >   stale-answer-client-timeout was set to 0 and there was a stale CNAME
 >   in the cache for an incoming query. (CVE-2022-3080)
 > - Prevent excessive resource use while processing large delegations.
 >   (CVE-2022-2795)

 > https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_16_33/CHANGES

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed, thanks.
Peter Korsgaard Oct. 15, 2022, 3:32 p.m. UTC | #2 
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > - Fix memory leak in EdDSA verify processing. (CVE-2022-38178)
 > - Fix memory leak in ECDSA verify processing. (CVE-2022-38177)
 > - Fix serve-stale crash that could happen when
 >   stale-answer-client-timeout was set to 0 and there was a stale CNAME
 >   in the cache for an incoming query. (CVE-2022-3080)
 > - Prevent excessive resource use while processing large delegations.
 >   (CVE-2022-2795)

 > https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_16_33/CHANGES

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2022.08.x and 2022.02.x, thanks.
diff mbox series

Patch

diff --git a/package/bind/bind.hash b/package/bind/bind.hash
index 171edc8806..d41a9bbc5e 100644
--- a/package/bind/bind.hash
+++ b/package/bind/bind.hash
@@ -1,4 +1,4 @@ 
-# Verified from https://ftp.isc.org/isc/bind9/9.16.31/bind-9.16.31.tar.xz.asc
+# Verified from https://ftp.isc.org/isc/bind9/9.16.33/bind-9.16.33.tar.xz.asc
 # with key AADBBA5074F1402F7B69D56BC5B4EE931A9F9DFD
-sha256  8ca2cb6c37b605c70f7a25f0cf8a94d2040e025824db2341b92625efd96e7cfb  bind-9.16.31.tar.xz
+sha256  ec4fbea4b2e368d1824971509e33fa159224ad14b436034c6bcd46104c328d91  bind-9.16.33.tar.xz
 sha256  daf6f1eddf5983ed664a2d125b619e56e2e93917c19d0d41c7586ea153ba2155  COPYRIGHT
diff --git a/package/bind/bind.mk b/package/bind/bind.mk
index b1494d7596..abc3100e6d 100644
--- a/package/bind/bind.mk
+++ b/package/bind/bind.mk
@@ -4,7 +4,7 @@ 
 #
 ################################################################################
 
-BIND_VERSION = 9.16.31
+BIND_VERSION = 9.16.33
 BIND_SOURCE= bind-$(BIND_VERSION).tar.xz
 BIND_SITE = https://ftp.isc.org/isc/bind9/$(BIND_VERSION)
 # bind does not support parallel builds.