-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 26 Feb 2019 21:52:49 +0100 Source: bind9 Architecture: source Version: 1:9.11.5.P4+dfsg-1~bpo9+1 Distribution: stretch-backports Urgency: high Maintainer: Debian DNS Team <team+dns@tracker.debian.org> Changed-By: Bernhard Schmidt <berni@debian.org> Closes: 900879 920530 922065 Changes: bind9 (1:9.11.5.P4+dfsg-1~bpo9+1) stretch-backports; urgency=high . * Rebuild for stretch-backports. * High Urgency and before testing migration due to CVE-2018-5744 . bind9 (1:9.11.5.P4+dfsg-1) unstable; urgency=high . [ Bernhard Schmidt ] * New upstream version 9.11.5.P4+dfsg - CVE-2018-5744: A specially crafted packet can cause named to leak memory - CVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys - CVE-2019-6465: Controls for zone transfers might not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable. * d/watch: Do not use beta or RC versions * d/libdns1104.symbols: fix symbols-file-contains-debian-revision for dnstap symbols . [ Ondřej Surý ] * Add new upstream GPG signing-key . bind9 (1:9.11.5.P1+dfsg-2) unstable; urgency=medium . [ Dominik George ] * Support dyndb modules with apparmor. (Closes: #900879) . [ Bernhard Schmidt ] * apparmor-policy: permit locking of the allow-new-zones database (Closes: #922065) * apparmor-policy: allow access to Samba DLZ files (Closes: #920530) Checksums-Sha1: b3f1a8dbe720ea0aedef7512ab4d222697ee6776 3957 bind9_9.11.5.P4+dfsg-1~bpo9+1.dsc 5f3c14b760a987b5353c04d939fa0f91533a0c57 3956484 bind9_9.11.5.P4+dfsg.orig.tar.xz 53dc26de22d41e6b2a3f4a8b66117be5b03ffe7f 88980 bind9_9.11.5.P4+dfsg-1~bpo9+1.debian.tar.xz 521bb255c47a604e97398e229017e6728349cb1c 6263 bind9_9.11.5.P4+dfsg-1~bpo9+1_source.buildinfo Checksums-Sha256: 356ff90ee5080a6b0e95261cf754c4f67bd2c03904af81fe9f3837c129260199 3957 bind9_9.11.5.P4+dfsg-1~bpo9+1.dsc 34b20e4e17875d5c4280d52264bae08f527e38eb6bcfca431432b0cafcd03c6d 3956484 bind9_9.11.5.P4+dfsg.orig.tar.xz ab3bc5c92ad351af13f6958c1de0ffdb98905adb7b515b9c53cf4a6eaef54008 88980 bind9_9.11.5.P4+dfsg-1~bpo9+1.debian.tar.xz cb0d8c4ec6ad7b2657330e39ef9d90bc1e98d5bab569684cf652114e86fab2c1 6263 bind9_9.11.5.P4+dfsg-1~bpo9+1_source.buildinfo Files: 1aa507e6718c1cc333d80a552a5d0b02 3957 net optional bind9_9.11.5.P4+dfsg-1~bpo9+1.dsc b59921f04a722b0a30fab88dcf256449 3956484 net optional bind9_9.11.5.P4+dfsg.orig.tar.xz 4100378483ca3a9730c8670a3326b0dd 88980 net optional bind9_9.11.5.P4+dfsg-1~bpo9+1.debian.tar.xz 7d815eb6452ca52a31211acf13c6176b 6263 net optional bind9_9.11.5.P4+dfsg-1~bpo9+1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAlx1sgcRHGJlcm5pQGRl Ymlhbi5vcmcACgkQd1B55bhQvJMR5Q/8DKsU8O2uWhPFM03EbWslRHBxp0FgoCB2 IKgZNzWFZ+6A40VQc8SiDW8iFJGyta7UuGw8c7uQf7CxA8oihfgAOqSYTcHAltBm z8r4P/gRR+IsX7V8KRhGw+ovId0V2ZsKxz3ZAevQunDex6VIRFmxgxOVTKFR36sp O402YujSXvu3NpAezJZvz0eSF7mGtM91GwI3Tw8JLO1SKppC6OQ2vWRImmZgRHVD J/OtZgZo3pFXDTCMVQJIvq2cqNbLF3bwTPxp9SDL0VoCSYwTroLEFe399dOhBS4r rg1ioKFhYc9BqRTShtOqXrAG7xQGtWmvjT2GJOzR2PHI0k7cAUxkRxa/jHdFtmMm miLaiUB25SdorZ51ZNUoWTkiqTyvNDnmx5G/OohJ0Z4blv8+DRKv20MZeoLA1JPQ 2R1ZRwl60JbM8hEQm+4wk3F75DunYd1m9xWIcPdMid2U+v36v5onT6HH5MYjtOuY 71IysKxqx5qqWE+sqtAPQ13EXPYqKivjn62KUJHARSwUsCmc1ldN/hva00Ry7PLR n2XVALf+7u7yiLDme8LDQzNohUChExxZMJkVntO+pM6kUPrlJi9PCgU8cig49MaI uVFJpPx/ktm9OT25w4pOs8ynJ5/BavJ20o5rBr3B/CWDZx1lWkQ8F1M18bndmgF2 R7PKHgWpD0U= =NW/h -----END PGP SIGNATURE-----