-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 16 Feb 2021 09:35:53 +0100 Source: bind9-libs Architecture: source Version: 1:9.11.19+dfsg-2 Distribution: unstable Urgency: high Maintainer: Debian DNS Team <team+dns@tracker.debian.org> Changed-By: Ondřej Surý <ondrej@debian.org> Changes: bind9-libs (1:9.11.19+dfsg-2) unstable; urgency=high . * Although none of these CVEs affect the ISC DHCP, it's better to have them all fixed just for the same the assumption proves false in the future: + [CVE-2020-8625]: Fix off-by-one bug in ISC SPNEGO implementation. + [CVE-2020-8624]: "update-policy" rules of type "subdomain" were incorrectly treated as "zonesub" rules, which allowed keys used in "subdomain" rules to update names outside of the specified subdomains. The problem was fixed by making sure "subdomain" rules are again processed as described in the ARM. + [CVE-2020-8622]: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request. Checksums-Sha1: f0964667391ef5d4cdf1da6d02ef8307dfe09cfa 3516 bind9-libs_9.11.19+dfsg-2.dsc 042f08311775a8621736d3d8176df036acdf3438 74728 bind9-libs_9.11.19+dfsg-2.debian.tar.xz f55a020c056da209e4c54b861f5311722e4f396e 16108 bind9-libs_9.11.19+dfsg-2_amd64.buildinfo Checksums-Sha256: a5741e636e41e17b26e95b613534f71cd6ab36b94e6e0bc83a9dd749d81f25f5 3516 bind9-libs_9.11.19+dfsg-2.dsc a880b3e4b6af738857e984d93d86cad84d93f523ce7caf3ae48970be750dbf07 74728 bind9-libs_9.11.19+dfsg-2.debian.tar.xz 2128d748487136eb9157213fd7c8a50e65800ea898649d575b97849ab9c37c93 16108 bind9-libs_9.11.19+dfsg-2_amd64.buildinfo Files: b173fe9fbf468d3a9b9a47c42f335bb3 3516 net optional bind9-libs_9.11.19+dfsg-2.dsc e90339ab265234a22a97b9682c2ff831 74728 net optional bind9-libs_9.11.19+dfsg-2.debian.tar.xz 4b1713eb4c899c5d4582f5e185a7c20b 16108 net optional bind9-libs_9.11.19+dfsg-2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAmAuHEFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u WcJ+iRAAoOJkn6RDG1CnX9Uy7D1+lYd5ss046bT3PMwlPOvtGkC2eqJqGVbak/ak Syj2Z3fqoShWU9iD4Yz6faOp+gCA+aEbL12JFNfM74XdpGRPc2MDvqcAaqnnykAw Fln2WSY0JNE+9jKj0x1ekrdARwj/3CA4uveZzCXEyCHi/zIKNvkWFisYLDTcntvm at/7v/qCu9QJ3Qgl0NMsnasazMFX06qemHQ/tQcJFP14Ky+ywKv0z1bfZKjbyVmJ tcSBDx7SGD5YDMZ/APSDNXj/3/17m8Ee1tkCV/zOyu7ZPHT1m7TGH7cwjHdkfje4 +e2MrspIdeGztBKEYNLGasEy3azsC+iNsz5aQXNFv+ABO4kMRIq9aYEa81rucFRb +B0GncPBeSTaZsQxDgL7IT1MovU9OP8LHPSJwj1i4rrkPOT5MBxqfxQxxdOipm+Z JPRy59cs/DrBxYQt+JJBy3gBdUxu/fX6wonDyJSX6xxnw3WmHRT6awcy6sQFgOR2 F1T6LJl7VWLNEw75kBpCDvBprKAXrE4Rz/yhwIaw7a31inDz8V7m3EKsdo4CwlN1 jhS0Ir7F9PevjvGGj1DGNfeSGnBchjNdXq3DcR00ixZMdbm9w8Va6dKMd1emRLKz Cpcnh34lTAg4g8yNx3kfJrX3OTJEAhyQs3Zod7VqFmf9SYyx7tA= =ulP2 -----END PGP SIGNATURE-----