-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 21 Jun 2023 20:31:51 +0200 Source: bind9 Architecture: source Version: 1:9.16.42-1~deb11u1 Distribution: bullseye-security Urgency: high Maintainer: Debian DNS Team <team+dns@tracker.debian.org> Changed-By: Ondřej Surý <ondrej@debian.org> Changes: bind9 (1:9.16.42-1~deb11u1) bullseye-security; urgency=high . * Update the upstream signing keys * New upstream version 9.16.42 - CVE-2023-2828: The overmem cleaning process has been improved, to prevent the cache from significantly exceeding the configured max-cache-size limit. - CVE-2023-2911: A query that prioritizes stale data over lookup triggers a fetch to refresh the stale data in cache. If the fetch is aborted for exceeding the recursion quota, it was possible for named to enter an infinite callback loop and crash due to stack overflow. This has been fixed. Checksums-Sha1: 50e29517f6de37aa489b864e26b42613d3615b67 3266 bind9_9.16.42-1~deb11u1.dsc 1df792938bcdc599e7292e908202d14b5a8a4e2c 5123476 bind9_9.16.42.orig.tar.xz beaa3db6f0658806121f53247eda69ae68da2ad5 833 bind9_9.16.42.orig.tar.xz.asc 68a87a90e84dea144af1ac24b2ad6f943728e7ed 57800 bind9_9.16.42-1~deb11u1.debian.tar.xz 81f701563aee63083de0f0aeee0460d21a08e121 15279 bind9_9.16.42-1~deb11u1_amd64.buildinfo Checksums-Sha256: 8f4e90d931483f4ae1a5dd63773b8dd43437f4b2066a0127a6af945beefcee42 3266 bind9_9.16.42-1~deb11u1.dsc a8b51c6bfdf3ab6885102f764c2418e037897b7ea46a09f8f07876fa11a6c0b3 5123476 bind9_9.16.42.orig.tar.xz f9fc25a2abdb0383d8f8d788bda2520587c55924a76c201c0769495352274ac9 833 bind9_9.16.42.orig.tar.xz.asc 1fefa5878dbeb1c6bbe50dbc742749f24d5284f4f4348722bde6f1600bc042a5 57800 bind9_9.16.42-1~deb11u1.debian.tar.xz 55000ed2731c2e0275897b9b72b27fb812bac966f046ed171f80e863dcb69edb 15279 bind9_9.16.42-1~deb11u1_amd64.buildinfo Files: 734f5aa61af2682cf3324cce6ff0eb0f 3266 net optional bind9_9.16.42-1~deb11u1.dsc 42904d48985a8dc809223179b99b51e5 5123476 net optional bind9_9.16.42.orig.tar.xz 6e4dc04d77d52bb1f1f5864b44b0dd35 833 net optional bind9_9.16.42.orig.tar.xz.asc 5995c2b8bbec6aaf95fcd8adc20ff707 57800 net optional bind9_9.16.42-1~deb11u1.debian.tar.xz 0696b79f19670a83f6623dc0a4c8caf1 15279 net optional bind9_9.16.42-1~deb11u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAmSTRkRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u WcKI0g//bnykYHvK1/Wa2Peqvuss+p5Ei+sAjjik5JcyEDceFmCd30vNm1F7Rg6M UU4axYOg/8y3HryUEAFjEGX8hgfbudLnRcqvCZID6JED0dNR3N2kOV41ykf7XgSM NI6wAP4AJ5m8r418/1MfgNOl/rFOVmjAv4Z1r/QPdfpkqO0AlfzJrWwXNu3VXm29 9XuzuL2jXTTGFG9CLsIBzhbetOit4aBOgHCzWsivsecA8H0j9ACaKCRDhgnsq7tc Uwvrtiz1jXTTUFDje62x5RVn8q+V7s6qLdIRav7AfBvTRrXBiV4QnzofZwCEWASi jUBzx+eCaVFqOg9wFVfIZe8BkX4z8/2u0n5ioH8SFN1l1I8TgvOra6+g/NttwFv9 VduewbxY9xqJNOkWpDDhmGcUq3w7ej4hmK/vqblNFxhatu+9XkYYkk9QqS1l/CUy B8pQIoSa8fykyCTg4x78ngIdXO/fNtyHUWYbGKxzNEhjq5ydaxUj3jedAjqWIM1d wprlNzXIkusdRIQXIW8Utmhk9cXWuGzoD4Pvu/VdpJaXZoSVnWhsd9U2+jC5U+KZ RbdcbHOos6/LB9BSjpEeegjqjDJMwKRlYd72+Nl4gMNQSwBhEcmjklbsfgBAckf2 GgPOBzi22igOQ4dYOKaiRrloiOZRpCaaCFokAJK18xM0Xo0/WL4= =BC8h -----END PGP SIGNATURE-----