-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 29 Apr 2021 09:11:32 +0200 Source: bind9 Architecture: source Version: 1:9.16.15-1 Distribution: unstable Urgency: high Maintainer: Debian DNS Team <team+dns@tracker.debian.org> Changed-By: Ondřej Surý <ondrej@debian.org> Closes: 987741 987742 987743 Changes: bind9 (1:9.16.15-1) unstable; urgency=high . * New upstream version 9.16.15 (Closes: #987741, #987742, #987743) + CVE-2021-25214: A malformed incoming IXFR transfer could trigger an assertion failure in ``named``, causing it to quit abnormally. + CVE-2021-25215: ``named`` crashed when a DNAME record placed in the ANSWER section during DNAME chasing turned out to be the final answer to a client query. + CVE-2021-25216: When a server's configuration set the ``tkey-gssapi-keytab`` or ``tkey-gssapi-credential`` option, a specially crafted GSS-TSIG query could cause a buffer overflow in the ISC implementation of SPNEGO (a protocol enabling negotiation of the security mechanism used for GSSAPI authentication). * Add patches to implement I-D draft-hardaker-dnsop-nsec3-guidance Checksums-Sha1: 5f9d70519d693dbbf48c18ec7fa8da726810e10c 3236 bind9_9.16.15-1.dsc 5d68bbd1ff452708d45f2d4ef832faa3a1690fc7 5025688 bind9_9.16.15.orig.tar.xz 4926e0c0f0f2b667cf021a1f857f97b6280c8d1c 833 bind9_9.16.15.orig.tar.xz.asc 7c07b37263e067be9b08305982ef76f8bc67a94b 89700 bind9_9.16.15-1.debian.tar.xz 631b63a5be9a133fe2b35e3a2bc57a2dde7ff04f 15062 bind9_9.16.15-1_amd64.buildinfo Checksums-Sha256: 758b08d2917f3610bdc0b481fa81540bd29b1052de8721cbb99ab379ba3d7036 3236 bind9_9.16.15-1.dsc 98b6f432d878a7bf8f57eb7b3c28be27278cf6b9989154bfe6c81104b38e7839 5025688 bind9_9.16.15.orig.tar.xz 55628031d8c5697707e1f8ad3d8033f72ffb987cdc392d578ec4bc89c968822e 833 bind9_9.16.15.orig.tar.xz.asc 8af2c74d4a1a6ea8e3d8cc88b14248d9b447711da9dda3ce6eaee0edd485d87b 89700 bind9_9.16.15-1.debian.tar.xz 3f92cec2331f52a55d923d3e1202b8c60f3028b59b396e29f34696dbcdcb79a0 15062 bind9_9.16.15-1_amd64.buildinfo Files: 43334d6c45321a1dc5f355a446979657 3236 net optional bind9_9.16.15-1.dsc 6c6e5bb21763161bc68665b8729b3630 5025688 net optional bind9_9.16.15.orig.tar.xz a2e6a9234cd8726fd389e82dea656fec 833 net optional bind9_9.16.15.orig.tar.xz.asc 61004a2ae5bb8a04e7137c188a5ccb5f 89700 net optional bind9_9.16.15-1.debian.tar.xz 6e225c8fbbbb2db806eb1ad895165d44 15062 net optional bind9_9.16.15-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAmCKeENfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u WcI9pw//f8nlyKjLDpty4Sr6U9fNK6sWUu4dGPuvh5pQvx2pnH9sigExMqnlWkfe lzqVvB02ywc+R7V63N5DzKLzbY/vLg0DPc4qLPMInw7wjFFul4rGNZ67noJlxgye Kkr/cxRaPHs2LKIeGOiRcmrJwphl25mPPMAzT/rF6JwobyjlOc9DB6hMDt/14rEO afQdy5pPrIb+8ExykS+2beKUuMhNA0rGu/cuSq8x08nZP3K7Snd2ZmcMrlAnut8K AroNxBIZYaUefXn345/M/ocYFYH35yN041nMhxCUYWJQMPKfsKjeniH1Kxvmobnn JxnaSXd2Jw4ZTxsdckJ33c3eruRaoYTBX6Bi+POrObiW3vDed6xC5izvQXW8qWO8 JpY6xOPgVX6HCpX7fVZ/ryE/p1HgZWPvBIi6izAggRm8YaMAjmGv7sVDFOL6obXm aYYff+Hq9eHoYtT4jjZBaUjZQR4W+VT4kxmA8qahUqtNgl4Ue7axierF64NEfYb0 /EJRbaUlz457rF6U6PLFvjLmRwKxaqOwcoQg6HQ9HPYWjsxgciwhDWoSoKUUvgKg PX4eQp+5r9L4SRV88wdKuLtUFlMyAH2jOnXQyfLqIWfsKrDJTAWWqVxDed5CHAbn 0jWGRCXxBBVdzbDs5TzojbD0S2MLiR0RiESeLINgyJJDlaTSLww= =gcxm -----END PGP SIGNATURE-----