-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 02 Nov 2021 00:05:57 +0100 Source: bind9 Architecture: source Version: 1:9.10.3.dfsg.P4-12.3+deb9u10 Distribution: stretch-security Urgency: high Maintainer: Debian DNS Packaging <pkg-dns-devel@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Changes: bind9 (1:9.10.3.dfsg.P4-12.3+deb9u10) stretch-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2021-25219: In BIND exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing. * Fix CVE-2018-5740: "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Checksums-Sha1: 93518efb493cdad678fa81c9acc563234e4d1179 4041 bind9_9.10.3.dfsg.P4-12.3+deb9u10.dsc 7932e2cd7c7c3f1703480e146c71b7a388af9a90 105828 bind9_9.10.3.dfsg.P4-12.3+deb9u10.debian.tar.xz 6006138df507c2883cd199982abba10e3d09ae55 6238 bind9_9.10.3.dfsg.P4-12.3+deb9u10_source.buildinfo Checksums-Sha256: 3140ca30d5569ceafd25643ca6bb931bc8d1ad5ceb6c79dff23c95b585c599ad 4041 bind9_9.10.3.dfsg.P4-12.3+deb9u10.dsc c58d1dc9f3fb04786fbeb70b4c41d53ec010f0c08ed023ae7dfad3c2aa1e6583 105828 bind9_9.10.3.dfsg.P4-12.3+deb9u10.debian.tar.xz f5e5c97defd5ca80f09adba50c82d26cb13485f03ccf86830bbf9c937ff0c6bb 6238 bind9_9.10.3.dfsg.P4-12.3+deb9u10_source.buildinfo Files: 991897377a9478341c17d210c1a1180c 4041 net optional bind9_9.10.3.dfsg.P4-12.3+deb9u10.dsc 6fe95eadf2a0f12c93c6a88b89721bbf 105828 net optional bind9_9.10.3.dfsg.P4-12.3+deb9u10.debian.tar.xz 0c7bb2b87634f7b54e39a159d3b4b85d 6238 net optional bind9_9.10.3.dfsg.P4-12.3+deb9u10_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmGAhQFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkNSMP/2dpnVA5yosAfI0ZhQff9YlW5+cotfBJUO/O 8rNr+bwBGM0Cufh42yR6uNQnHKt+7zh6UPJDUmxYvfzsti749GR4eeGGX7WBAdnH BI9Kx43+9dO1vFpTzpYKlMWuc1y9qc9lEiAfmCSsQFOyZfEmzrZDGJyEL3ZF3tlA q2izLXNkZuCD6CdOXcpGm1qQFHj5BKfMA4Hv4TQ0QGP63wHNbIiu1okDYg0V8dam HQJ0jghg7R6RgmFq+MRyCsRFxPo21qGT+NM6uLXkHYpGfLdgVjuCw5KAa1wMdstd zU7hEU17QzkGsX+o9UMaR/h7kXywt2xnHHoOcdp+ecU4G3UybbcLsJ8/7LBF2J07 HlioRIMARTeVeROGlliD2GvToQc8jSXLbTrcXTqT41msUuyHP/NeFP5S2+ybUurg ZCflmVkYAqjyuRhFf8QzWogP2eMYg107SmEmhHnLcAzNDRaqsN47dapmOf+yqpaZ c8ywwTVesnlu24O2ITGMmu1AUIgvdV+k5CchdsuUsxPiiZVyV40EqFcFQCwnTGKO XInunqr/Ri60VJJMe8n1pD1MAt7nBKHcQ5Bc+KFDh80mHRVMAXkIoRTJhiLdXTyT jVOyCr0kTsjkta1Vai//UohJ2dTz7zHIFWxUAgLx9/qWKKQVrkmlhrYWoRq0YRKx VliBjrFE =TIEQ -----END PGP SIGNATURE-----