-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 12 May 2021 08:47:16 +0200 Source: bind9 Architecture: source Version: 1:9.16.15-1~bpo10+1 Distribution: buster-backports Urgency: high Maintainer: Debian DNS Team <team+dns@tracker.debian.org> Changed-By: Bernhard Schmidt <berni@debian.org> Closes: 987741 987742 987743 Changes: bind9 (1:9.16.15-1~bpo10+1) buster-backports; urgency=high . * Rebuild for buster-backports. . bind9 (1:9.16.15-1) unstable; urgency=high . * New upstream version 9.16.15 (Closes: #987741, #987742, #987743) + CVE-2021-25214: A malformed incoming IXFR transfer could trigger an assertion failure in ``named``, causing it to quit abnormally. + CVE-2021-25215: ``named`` crashed when a DNAME record placed in the ANSWER section during DNAME chasing turned out to be the final answer to a client query. + CVE-2021-25216: When a server's configuration set the ``tkey-gssapi-keytab`` or ``tkey-gssapi-credential`` option, a specially crafted GSS-TSIG query could cause a buffer overflow in the ISC implementation of SPNEGO (a protocol enabling negotiation of the security mechanism used for GSSAPI authentication). * Add patches to implement I-D draft-hardaker-dnsop-nsec3-guidance Checksums-Sha1: 6fc7db8c779a3a0b2421a339703719867eaa57f9 3163 bind9_9.16.15-1~bpo10+1.dsc 5d68bbd1ff452708d45f2d4ef832faa3a1690fc7 5025688 bind9_9.16.15.orig.tar.xz 4926e0c0f0f2b667cf021a1f857f97b6280c8d1c 833 bind9_9.16.15.orig.tar.xz.asc b9059d7bb3f9cf2adc0c38ce95998af90cb48462 89704 bind9_9.16.15-1~bpo10+1.debian.tar.xz f410fe64f7f021364c4880c8aa80892c7ff95d85 5856 bind9_9.16.15-1~bpo10+1_source.buildinfo Checksums-Sha256: 3ad63bb5c1df950d309e07da285e8020d529e3d1b4cc5fde53c11a665b5167d6 3163 bind9_9.16.15-1~bpo10+1.dsc 98b6f432d878a7bf8f57eb7b3c28be27278cf6b9989154bfe6c81104b38e7839 5025688 bind9_9.16.15.orig.tar.xz 55628031d8c5697707e1f8ad3d8033f72ffb987cdc392d578ec4bc89c968822e 833 bind9_9.16.15.orig.tar.xz.asc 081e02b96646478e82b5ad40e9c025fbc355e823da62a96c0b08fae09f84fba3 89704 bind9_9.16.15-1~bpo10+1.debian.tar.xz d7636be0ffc0242080d9ee2e47eca2ef60121b6dc82a7affba70da6d6ddfd6a0 5856 bind9_9.16.15-1~bpo10+1_source.buildinfo Files: e72394f42aac2c853965c8286aa28b61 3163 net optional bind9_9.16.15-1~bpo10+1.dsc 6c6e5bb21763161bc68665b8729b3630 5025688 net optional bind9_9.16.15.orig.tar.xz a2e6a9234cd8726fd389e82dea656fec 833 net optional bind9_9.16.15.orig.tar.xz.asc 6088b75e6e8231cdc7f189449bc20205 89704 net optional bind9_9.16.15-1~bpo10+1.debian.tar.xz 1828aabbf68f758a90ac8b4ac4db949f 5856 net optional bind9_9.16.15-1~bpo10+1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAmCbexIRHGJlcm5pQGRl Ymlhbi5vcmcACgkQd1B55bhQvJONKA/8D7+duZUrBP6mrSA+8s91R0T3IQ/iiG+t zJ/jYO6O5xy2oIrKoNgZHJ5Y8mfp8pcXFxiB/AKhrP3ALeCHToPSglu49YAaeex9 DfXYUxdZcp/1+j1IhEXhR/mgUfCHBuquly+q0vpsxGzDp5nsX+KSunIk+a6lQA6N 8DzjklWPiHiKSJx8uVzeUaj9N/eMJ63szblgeGaAO600anZoZqLPqgXSAGXCtoxF 4wp2Jni/UXL2JtAivgZyKhEdu7kVSa9t8wRDZtm6OykxTGMJ3VtPZyynNv7NkVK6 TzVsiQ56g2BCZLj79sJW3YbQaTz2CGhs/5w2CQMrLg/nhOTIyszitSlw+2eSkKkd 1vIYP56GuQTSVjfBg53D0wn0YyFOSpxBSwFT9ZxdPZmlzjHeBuYVNasi3IYHlcqa wr86vtZ6FnCkhBw9aYemzE0jkcTOXD3zgMsMaqlecL3jhpCo+qQ/pmmdS7UiNSZP ejzR+ynOE0BE9g8c5MYiv9RazyrXZpaTJyIOSPvJU5qPQA9Huw9Bp3nwQztope86 pZFeRCZo8fFmbNgOlTYou+azICC8QlnpWkqYD+gxdaaRiYeURgw/bbur78LGoJnj r0OKOSe5bitrjPLUpA/RWQYiJUu4ReAPYoyvqHNC7vZ5KVq9o5fgsDw4z4o06Zak NKsnxxU37kY= =ohu6 -----END PGP SIGNATURE-----