-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 14 Mar 2022 15:29:31 +0100 Source: bind9 Architecture: source Version: 1:9.18.1-1 Distribution: unstable Urgency: high Maintainer: Debian DNS Team <team+dns@tracker.debian.org> Changed-By: Ondřej Surý <ondrej@debian.org> Changes: bind9 (1:9.18.1-1) unstable; urgency=high . * New upstream version 9.18.1 * CVE-2021-25220: The rules for acceptance of records into the cache have been tightened to prevent the possibility of poisoning if forwarders send records outside the configured bailiwick. * CVE-2022-0396: TCP connections with 'keep-response-order' enabled could leave the TCP sockets in the 'CLOSE_WAIT' state when the client did not properly shut down the connection. * CVE-2022-0635: Lookups involving a DNAME could trigger an assertion failure when 'synth-from-dnssec' was enabled (which is the default) * CVE-2022-0667: When chasing DS records, a timed out or artificially delayed fetch could cause 'named' to crash while resuming a DS lookup. Checksums-Sha1: e55e4796759435ddf1b5c3daa6c178ab5d0e9873 3267 bind9_9.18.1-1.dsc 54f92b2b3129c59877a4fe59a447b8d307a39fdc 5059456 bind9_9.18.1.orig.tar.xz 720d8e6e1fe5e89889d893aa8ef30c06c13c4017 874 bind9_9.18.1.orig.tar.xz.asc 45bbd179c5fc870e47182439d0cf1733e708e4c4 78656 bind9_9.18.1-1.debian.tar.xz 224475c1c09350d840a8e627df48b3aeae0ad16f 15156 bind9_9.18.1-1_amd64.buildinfo Checksums-Sha256: 31ffd3fee12475cd9140a5b710541d9a9e773e2a9f0dc9bc35e98d498a6177aa 3267 bind9_9.18.1-1.dsc 57c7afd871694d615cb4defb1c1bd6ed023350943d7458414db8d493ef560427 5059456 bind9_9.18.1.orig.tar.xz 585e206134f6186dee8e9c8ec30d08a3cc3c765a7fc2803da155e2c4caaa0d39 874 bind9_9.18.1.orig.tar.xz.asc ce74108456b751ad4bbc990947440e4255498ef7162c60be05c980b436f118eb 78656 bind9_9.18.1-1.debian.tar.xz c562d749c77cdf65a223bd0879e47592c586749994fa8deb80adf4702fcfeadf 15156 bind9_9.18.1-1_amd64.buildinfo Files: 4ef0aea9edbe36efc79f3f29a7ab2638 3267 net optional bind9_9.18.1-1.dsc d7072b2d774077f37bff51580b3a577b 5059456 net optional bind9_9.18.1.orig.tar.xz b040090622bcef443010cb16657253c5 874 net optional bind9_9.18.1.orig.tar.xz.asc 0190df5791eb713eeab2af153fa56759 78656 net optional bind9_9.18.1-1.debian.tar.xz 81df6e377a72cc9b7cb33ec46381a8a5 15156 net optional bind9_9.18.1-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAmIzkNVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u WcIj2w//firc+mtwcjSIoh4NE6XZDrqWn9Gal8azIy4VgFx4DldsDo3AkhYQPMn1 Cv1PbaTVxci0RrUE2EROsfo+7BmMHhaBWhrgxFTIKZRUd8cw+SMe7QztgSNOmrGR zDac0NWZ2lxbCyF/Npm82eoskW1vFhjbD9YuBQXsvtjUyz/biSwF1WCWTxbf//ul dwWZqn07GjNSKr9wx8DO3Ka96/Tf9XwMSulBcvu5YsU0i28ktYyfPDcDKsNgRJmH jTwMhFMSjK7qg+vKNlU17VlnsVR2jgGQ/TIbgtFgL0MyKW5UUZtYn48YuVO46g90 JeCHpMoksnxjGb8ZEZaLnxCA5bEV0nS8VQpTpc1wyxC4ChH5wjrvXlrP9DdlCrAT iL55CbdHqhoVnOT+iMSRZxzLx9BvwuyQ+Qy3X7qM+ctUqa30VKCDF3nAcXApaB2q n71Zi4dxD2agmw7AS7oOi15LACa/VEhJYfcp+2MlqhpNIxUAMCPebfqJ+jrhLu3J 7ADhaxjjk02esaeqblAjfWjsKi+XVtL+gt3gB1Or62exfyfmZeA0DDJ/mi4m8kSP TI+sAZKTqdobqlQJEby6G9FpgbkoUpDwAB7cwZNzwRs/o+EYj08qJfX+dQolVuY7 S+I14x9VDNapJX7TRLXSKGg3aduzQ+nXow/eTL0qp7CSjfVL7vg= =UDXp -----END PGP SIGNATURE-----