buildroot/package/bind/bind.hash, branch 2016.02

bind: security bump to version 9.10.3-P3

2016-01-26T22:05:40+00:00

Fixes: CVE-2015-8704 - apl_42.c in ISC BIND 9.x before 9.9.8-P3 and 9.9.x and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. CVE-2015-8705 - buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option. Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard

bind: bump to version 9.10.3-P2

2015-12-30T13:54:10+00:00

Leave the LTS series for the latest stable version for libressl compatibility. Unfortunately this means threads are now required, but this shouldn't be a problem for a fully-featured resolver. Drop 0001-disable-tests.patch since it's no longer required, genrandom isn't run unless the tests are called upon. Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni

bind: security bump to version 9.9.8-P2

2015-12-17T21:48:46+00:00

Fixes: Named is potentially vulnerable to the OpenSSL vulnerabilty described in CVE-2015-3193. CVE-2015-8461 - Incorrect reference counting could result in an INSIST failure if a socket error occurred while performing a lookup. CVE-2015-8000 - Insufficient testing when parsing a message allowed records with an incorrect class to be be accepted, triggering a REQUIRE failure when those records were subsequently cached. Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni

bind: bump to version 9.9.8

2015-10-09T13:23:46+00:00

Signed-off-by: Gustavo Zacarias Reviewed-by: Vicente Olivert Riera Tested-by: Vicente Olivert Riera Signed-off-by: Thomas Petazzoni

bind: security bump to version 9.9.7-P3

2015-09-04T14:07:37+00:00

Fixes: CVE-2015-5722 - denial-of-service vector which can be exploited remotely against a BIND server that is performing validation on DNSSEC-signed records. CVE-2015-5986 - denial-of-service vector which can be used against a BIND server that is performing recursion and (under limited conditions) an authoritative-only nameserver. Signed-off-by: Gustavo Zacarias Reviewed-by: Vicente Olivert Riera Tested-by: Vicente Olivert Riera Signed-off-by: Peter Korsgaard

bind: security bump to version 9.9.7-P2

2015-07-29T11:01:42+00:00

Fixes CVE-2015-5477 - An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure. Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni

bind: security bump to version 9.9.7-P1

2015-07-08T21:46:06+00:00

Fixes: CVE-2015-4620 - On servers configured to perform DNSSEC validation an assertion failure could be triggered on answers from a specially configured server. Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard

bind: bump to version 9.9.7

2015-03-03T07:36:01+00:00

Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard

bind: security bump to version 9.9.6-P2

2015-02-19T20:27:04+00:00

Fixes CVE-2015-1349 - Revoking a managed trust anchor and supplying an untrusted replacement could cause namedto crash with an assertion failure. Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni

bind: security bump to version 9.9.6-P1

2014-12-09T11:40:32+00:00

Fixes CVE-2014-8500 - A flaw in delegation handling could be exploited to put named into an infinite loop, in which each lookup of a name server triggered additional lookups of more name servers. Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard