-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 25 Aug 2020 10:10:23 +0200 Source: bind9 Architecture: source Version: 1:9.11.5.P4+dfsg-5.1+deb10u2 Distribution: buster-security Urgency: high Maintainer: Debian DNS Team <team+dns@tracker.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 966497 Changes: bind9 (1:9.11.5.P4+dfsg-5.1+deb10u2) buster-security; urgency=high . [ Salvatore Bonaccorso ] * [CVE-2020-8622] Properly handle malformed truncated responses to TSIG queries * [CVE-2020-8623] Fix crash in pk11_numbits() with crafted packet when native-pkcs11 is used * Wait more than 1 second for NSEC3 chain changes * [CVE-2020-8624] Fix processing of "update-policy" rules of type "subdomain" (Closes: #966497) . [ Ondřej Surý ] * [CVE-2020-8619]: It was possible to trigger a INSIST when a zone with interior (non-leaf) wildcard label Checksums-Sha1: eb6156226dbc764817a8cf646867b54f0602935f 4121 bind9_9.11.5.P4+dfsg-5.1+deb10u2.dsc ae8841adc22c92dec551a217d094e652c69ac63e 115228 bind9_9.11.5.P4+dfsg-5.1+deb10u2.debian.tar.xz Checksums-Sha256: 5445f9ec928d86424e0055dc94b23a6e2f7e489c8341ded8f9ebe3922390d391 4121 bind9_9.11.5.P4+dfsg-5.1+deb10u2.dsc 3acbfb4e1703795f19282a211c9f0f92d7bb55332436f50b04e1e2cf9e8c5a90 115228 bind9_9.11.5.P4+dfsg-5.1+deb10u2.debian.tar.xz Files: 3ca15ac04b07b4f0d26f3345ff960b0e 4121 net optional bind9_9.11.5.P4+dfsg-5.1+deb10u2.dsc 4dc65995fbee6a3f9c9a4ccaae4b86f4 115228 net optional bind9_9.11.5.P4+dfsg-5.1+deb10u2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl9EyxlfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89E6K4P/1j/DQPAaBCsnwKclD6ksQOsG6pqUzTX hTqt87FrP8hkY+aHUTCKqgxk56vk4DlJBR8ir9LSP1x9WwOGEHbh0WxYCszcfx97 +OAlY1gafhIf9jSvyDR6CuECzJjaK92JfICBkp5Uk1CHbGlkgrWj0aVGsGYPE1KC pdic4pelaFal9FYVvOvBhwyKaSHofV/D/WB5UX0v7RUo+vxxNAIK9+691epEFIR8 awzphEBZIpqfrzORiMWSBWHFjnGbU6MGTtOmhgFk7Cz8tYhoaWlOE0nVftxQGbn8 l/AI+MDOWShsX+gi6GaeSOifJdYWYS2ed3jZXb+umngJ0otfejhgeqw3lF0KU2Qu 9OaZRZgVXt5eUGfKwXwGpoNVrV+imfveafxwGJ+rNvQLsy5GnyxPQ9b7eEj3MpDQ ajmxhorVYlE3NKP3ZJowHUHk9Myrbxku7E0+dKfXJjc/M7WvuwXGkrlWhDGb8rbO CKSC4NHjwfRP1ZHAjqr0eWxTmawIIT/RmxEXydZI2dOcRJGFxYddKK/6Qv81NtBc qhLGvieojIx+i8chTxJcP++fx7tqOMJ3ZA0bvYnYwjMT8IuC/Bx+XQ+8TcRV7jvt L19fviFzMCysM02WZ/T7TvpyTcptlgqArcXJCSqyy2g5A5gsy3rVekmV/tMHJoa7 NKJ9n2dv289R =SL1w -----END PGP SIGNATURE-----