-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 12 Feb 2024 17:25:59 +0100 Source: bind9 Architecture: source Version: 1:9.16.48-1 Distribution: bullseye-security Urgency: high Maintainer: Debian DNS Team <team+dns@tracker.debian.org> Changed-By: Ondřej Surý <ondrej@debian.org> Changes: bind9 (1:9.16.48-1) bullseye-security; urgency=high . * New upstream version 9.16.48 - CVE-2023-4408: Parsing large DNS messages may cause excessive CPU load - CVE-2023-5517: Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled - CVE-2023-5679: Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution - CVE-2023-6516: Specific recursive query patterns may lead to an out-of-memory condition - CVE-2023-50387: KeyTrap - Extreme CPU consumption in DNSSEC validator - CVE-2023-50868: Preparing an NSEC3 closest encloser proof can exhaust CPU resources * Update patches from debian/9.16 branch - Disable treat-warnings-as-errors in sphinx-build - Remove the reference to OPTIONS.md - it breaks build on Debian stretch Checksums-Sha1: 8e8e930160aca78dca05a3ba67a692e71e01cbdb 2990 bind9_9.16.48-1.dsc 248cd09553365f80ab8398e9ada7a6f9d46b7dce 5131176 bind9_9.16.48.orig.tar.xz ff9c4bbaf956e3d96a589a7ce64fd91566a494af 58548 bind9_9.16.48-1.debian.tar.xz 97404e0e1accd34fbde2c7b6027fd5a2aac88858 14998 bind9_9.16.48-1_amd64.buildinfo Checksums-Sha256: 8ba9866a778200d102516ef13b3551c88decbc92749a7b79d69a9f509a2267a9 2990 bind9_9.16.48-1.dsc 8d3814582348f90dead1ad410b1019094cd399d3d83930abebb2b3b1eb0b2bbb 5131176 bind9_9.16.48.orig.tar.xz f9eab8ceebc70e0c4c21e89559119991df0b82f591e7e4b76e4eabcfc32e8725 58548 bind9_9.16.48-1.debian.tar.xz 0023aafd3ee00bae5c54529db561630bddba1327558baf0d5ab8b5b8a9a5d256 14998 bind9_9.16.48-1_amd64.buildinfo Files: ae104dc9fc00f82dca94731c41f0af19 2990 net optional bind9_9.16.48-1.dsc c1872fb63248b757fe73b6a3cfcad601 5131176 net optional bind9_9.16.48.orig.tar.xz cd2c35ce032b2b2cdff50b5e0f73caf4 58548 net optional bind9_9.16.48-1.debian.tar.xz 5d7e60b47e2dc8533131f6b7f4fdd62c 14998 net optional bind9_9.16.48-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAmXKS7lfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u WcKk7A//ep0hoWK8b23Zr2XhZe3BjsiFIJ97THU0jcqwFh88kFc+fuWO0TSSYa0g GNZE9pKso1eHLLLaiKfM4/V7suoCOpudlHb0CW1kiga+OMX1CF+R+KjGEjhEyEFS X1OyIs9bQXxB2SH/dkqsB2gc8h1QKdgC+Qbn+vMki/hbkcLWC2tls8hTHdpHyfOh e9oowdbmKwjQXpOkeHM8XglXPdFXALfCBfjIQgwS1XgiVqxiosNBJ764a73y5rnh YnYg2PWw2XG/ONKj8Nj89LkY9ib8IB5cKkXmC0x0B2BBMnknpg4qlsi0sgOSFGMh r+FQ6ALyOmOsQP1OKsWxK59DbYEyJz0D79EakX5x3OKgUkoyxyNJyHzYBlGqB470 Rx5nKMn8k79od9BJB33oK0DKW1pDrShpaC6J+4ezewZF/0iSab9dOMhM41PyRS17 LW4tzAv7SUxKSYPWPEBKRWn/m+kfvmOf/AFDdNwre8Pr0lpbXfzHswcdxwCpr/ml dX5lKT2dGH5EwHK8ga4rIhCRm8+mivRNpVcZWEFMnL5evb9eFK9TAEhGGvGGsxbA rzCbZb4fA4o5EhGA5pXgecTwnKssz3pAGjqcQbdNme86vwvLePuZZsTeUEvaua/U qove/q2y319h8++gAO1JbbXNIm5ppj6H7E7hGNThYXqCV+pDWEE= =FsTc -----END PGP SIGNATURE-----