-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 21 Jun 2023 20:48:44 +0200 Source: bind9 Architecture: source Version: 1:9.18.16-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: Debian DNS Team <team+dns@tracker.debian.org> Changed-By: Ondřej Surý <ondrej@debian.org> Changes: bind9 (1:9.18.16-1~deb12u1) bookworm-security; urgency=high . * New upstream version 9.18.16 - CVE-2023-2828: The overmem cleaning process has been improved, to prevent the cache from significantly exceeding the configured max-cache-size limit. - CVE-2023-2911: A query that prioritizes stale data over lookup triggers a fetch to refresh the stale data in cache. If the fetch is aborted for exceeding the recursion quota, it was possible for named to enter an infinite callback loop and crash due to stack overflow. This has been fixed. Checksums-Sha1: 64520df6aca0e5be3d4abafc5986d3528d5e6a14 3325 bind9_9.18.16-1~deb12u1.dsc fd4d104b751c8962c4351ee7f9a51851c8c93307 5462456 bind9_9.18.16.orig.tar.xz dc97925ecceeb1a333425bc733afa2b6d47b7fe7 833 bind9_9.18.16.orig.tar.xz.asc c60827131c70004c36de0624a0dfa5f43f2336fd 60492 bind9_9.18.16-1~deb12u1.debian.tar.xz 96e53da123d3dde63d8030a5d39cb70571a60a5f 15031 bind9_9.18.16-1~deb12u1_amd64.buildinfo Checksums-Sha256: 1bb629bb554b7b66c0303fd06500a98957a6c7a69447857826d3c9da42a1a1c6 3325 bind9_9.18.16-1~deb12u1.dsc c88234fe07ee75c3c8a9e59152fee64b714643de8e22cf98da3db4d0b57e0775 5462456 bind9_9.18.16.orig.tar.xz 8053d23883adfe5711d6eeed4c37b91773579a9a4f4c7b7fdb258d8b2c715d4f 833 bind9_9.18.16.orig.tar.xz.asc d7a1315831fb8263c06f6fdb5b2c1654ea040410843f336194370edde7e9cbf4 60492 bind9_9.18.16-1~deb12u1.debian.tar.xz 4e864efe270a449f9f36d8277606cf2623c59b84d83b8ff6f6d6bf10d0ebc799 15031 bind9_9.18.16-1~deb12u1_amd64.buildinfo Files: 46d6223622fdf0b118f1320f46909bbb 3325 net optional bind9_9.18.16-1~deb12u1.dsc c75648e02db965770fdf76fb828796a0 5462456 net optional bind9_9.18.16.orig.tar.xz fd85495275fbce1e521b6e358126bbb6 833 net optional bind9_9.18.16.orig.tar.xz.asc 0aad2e0149deaeffa20151fb6d7ccb03 60492 net optional bind9_9.18.16-1~deb12u1.debian.tar.xz 7fadb30c51d1e1774f3f65981009607d 15031 net optional bind9_9.18.16-1~deb12u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAmSTTL5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u WcIdRRAAktXpED5XlMsXG1A1XmkSKdZI/OHTzPs8YepZ0JHnWAVvXLQY+GMRgaW6 9APmanPo212asp3pPdZEGCC/EA0Pg29Ohm3M5lGrwL+4G6eVq9QREcTj5rmoMcCp ka/4ZwIn6gevAGXTpwL9vaQS65Kn0dl2ln5MO4hflAU0Wl5wt9jsh7BCecL1KLnm o/6VXNunps/TppkZB3KT1XbWU4MoEDfODbrDs8GhiuFFjPSZoyuhu515tkyEhJJ+ m+4OY04yOpWcDKvtXvxgdPvm+lSiAvcn/KOana9wGE3CSs6IVrsu0s9tpzLugdRf n/wvD4plch0WnGpl/Ur87b13/IZQ30blkJxIlS7c/zkwN9vAYMbtAT8niR4uVGXg 0lBO0bcVCQ8IvfWofIJk+FuqfkN2Mxco7B0BABC7kKQMa0kKReFbrJYSHsRHzL1d q6B331aNs5AQL1ilFm33Y6kuAxGr10RRcEkBszBjfrkL0AWait64ciMV5KR/uN/+ +E+uWkEAT9mMDrra+105VbvOdfPsHHJXK8brgwsq3USEXKXEk06qbrk5ajURYZoV exSntOZu8KTp8H0Bsk5huuDMMe3ijHA2c+9Iv2SN2lC7PZu+J2Zf5zySFsUhDDPJ 0Icjx6fwbNjgbUi3U5T2niDgwMJjEhAybx6LsPTXSzFwPet+IeA= =lFYx -----END PGP SIGNATURE-----