bind9 - Debian Package Tracker

general

source: bind9 (main)
version: 1:9.19.17-1
maintainer: Debian DNS Team (DMD)
uploaders: Bernhard Schmidt [DMD] – Ondřej Surý [DMD]
arch: all any
std-ver: 4.6.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1:9.11.5.P4+dfsg-5.1+deb10u7
o-o-sec: 1:9.11.5.P4+dfsg-5.1+deb10u9
o-o-bpo: 1:9.16.27-1~deb11u1~bpo10+1
oldstable: 1:9.16.37-1~deb11u1
old-sec: 1:9.16.44-1~deb11u1
old-bpo: 1:9.18.16-1~deb12u1~bpo11+1
old-p-u: 1:9.16.44-1~deb11u1
stable: 1:9.18.16-1~deb12u1
stable-sec: 1:9.18.19-1~deb12u1
stable-p-u: 1:9.18.19-1~deb12u1
testing: 1:9.19.17-1
unstable: 1:9.19.17-1

versioned links

1:9.11.5.P4+dfsg-5.1+deb10u7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:9.11.5.P4+dfsg-5.1+deb10u9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:9.16.27-1~deb11u1~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:9.16.37-1~deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:9.16.44-1~deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:9.18.16-1~deb12u1~bpo11+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:9.18.16-1~deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:9.18.19-1~deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:9.19.17-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

bind9 (22 bugs: 0, 14, 8, 0)
bind9-dev
bind9-dnsutils (2 bugs: 0, 2, 0, 0)
bind9-doc (1 bugs: 0, 0, 1, 0)
bind9-host (2 bugs: 0, 1, 1, 0)
bind9-libs (1 bugs: 1, 0, 0, 0)
bind9-utils (1 bugs: 0, 0, 1, 0)
bind9utils (1 bugs: 0, 1, 0, 0)
dnsutils (1 bugs: 0, 1, 0, 0)

action needed

2 security issues in buster high

There are 2 open security issues in buster.

1 important issue:

CVE-2023-3341: The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.

1 ignored issue:

CVE-2022-3094: Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes. If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome. BIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don't intend to address this for BIND versions prior to BIND 9.16. This issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1.

Created: 2023-09-20 Last update: 2023-09-24 05:38

lintian reports 1 error and 20 warnings high

Lintian reports 1 error and 20 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2022-10-19 Last update: 2023-06-22 12:06

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2023-09-13 Last update: 2023-10-02 15:00

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2022-09-09 Last update: 2023-10-02 14:00

6 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit c47db15ed1d3958a78c4063c7305c9a86f69cfc3
Author: Ondřej Surý <ondrej@debian.org>
Date:   Wed Sep 20 18:13:09 2023 +0200

    Update changelog for 1:9.19.17-1 release

commit 65bb431d972be41cbbd4605255481a9f9b986ed2
Merge: d05df7a85 3c2d267ac
Author: Ondřej Surý <ondrej@debian.org>
Date:   Wed Sep 20 18:12:02 2023 +0200

    Update upstream source from tag 'upstream/9.19.17'
    
    Update to upstream version '9.19.17'
    with Debian dir 99df0bb2e9c29c9e9126c3b65731fa71ea8dcc94

commit 3c2d267ac0a19f6ddbbe83ca29608929b269fcab
Author: Ondřej Surý <ondrej@debian.org>
Date:   Wed Sep 20 18:11:43 2023 +0200

    New upstream version 9.19.17

commit d05df7a858d2bb8baa53a6c3230ef6f9bde913e8
Author: Ondřej Surý <ondrej@debian.org>
Date:   Wed Aug 16 17:54:26 2023 +0200

    Update changelog for 1:9.19.16-1 release

commit f13f04f9b636c110ea6fe7e7f3aaeb8fdbbd2552
Merge: d82584f93 774420747
Author: Ondřej Surý <ondrej@debian.org>
Date:   Wed Aug 16 17:53:49 2023 +0200

    Update upstream source from tag 'upstream/9.19.16'
    
    Update to upstream version '9.19.16'
    with Debian dir 014323ed8ec465fff7db0c78843208252dba42a3

commit 774420747b47ec8fb4f266ef9fa06f9832626f54
Author: Ondřej Surý <ondrej@debian.org>
Date:   Wed Aug 16 17:53:23 2023 +0200

    New upstream version 9.19.16

Created: 2023-04-21 Last update: 2023-09-27 01:10

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

bind9-doc could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2023-10-02 12:18

debian/patches: 1 patch to forward upstream low

Among the 1 debian patch available in version 1:9.19.17-1 of the package, we noticed the following issues:

1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2023-09-22 09:19

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2022-01-27 Last update: 2022-01-27 08:02

Issues found with some translations low

Automatic checks made by the Debian l10n team found some issues with the translations contained in this package. You should check the l10n status report for more information.

Issues can be things such as missing translations, problematic translated strings, outdated PO files, unknown languages, etc.

Created: 2020-03-24 Last update: 2020-03-24 06:20

No known security issue in bullseye wishlist

There is 1 open security issue in bullseye.

1 ignored issue:

CVE-2022-2881: The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.

Created: 2022-09-21 Last update: 2023-09-24 05:38

news

[rss feed]

[2023-09-24] bind9 1:9.19.17-1 MIGRATED to testing (Debian testing watch)
[2023-09-23] Accepted bind9 1:9.16.44-1~deb11u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Ondřej Surý)
[2023-09-23] Accepted bind9 1:9.18.19-1~deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Ondřej Surý)
[2023-09-22] Accepted bind9 1:9.16.44-1~deb11u1 (source) into oldstable-security (Debian FTP Masters) (signed by: Ondřej Surý)
[2023-09-22] Accepted bind9 1:9.18.19-1~deb12u1 (source) into stable-security (Debian FTP Masters) (signed by: Ondřej Surý)
[2023-09-21] Accepted bind9 1:9.19.17-1 (source) into unstable (Ondřej Surý)
[2023-07-19] Accepted bind9 1:9.11.5.P4+dfsg-5.1+deb10u9 (source amd64 all) into oldoldstable (Chris Lamb)
[2023-07-17] Accepted bind9 1:9.18.16-1~deb12u1~bpo11+1 (source) into bullseye-backports (Debian FTP Masters) (signed by: Bernhard Schmidt)
[2023-06-26] Accepted bind9 1:9.16.42-1~deb11u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Ondřej Surý)
[2023-06-26] Accepted bind9 1:9.18.16-1~deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Ondřej Surý)
[2023-06-25] Accepted bind9 1:9.16.42-1~deb11u1 (source) into oldstable-security (Debian FTP Masters) (signed by: Ondřej Surý)
[2023-06-25] Accepted bind9 1:9.18.16-1~deb12u1 (source) into stable-security (Debian FTP Masters) (signed by: Ondřej Surý)
[2023-06-24] bind9 1:9.18.16-1 MIGRATED to testing (Debian testing watch)
[2023-06-24] bind9 1:9.18.16-1 MIGRATED to testing (Debian testing watch)
[2023-06-21] Accepted bind9 1:9.19.14-1 (source) into experimental (Ondřej Surý)
[2023-06-21] Accepted bind9 1:9.18.16-1 (source) into unstable (Ondřej Surý)
[2023-06-13] bind9 1:9.18.13-1 MIGRATED to testing (Debian testing watch)
[2023-03-15] Accepted bind9 1:9.19.11-1 (source) into experimental (Ondřej Surý)
[2023-03-15] Accepted bind9 1:9.18.13-1 (source) into unstable (Ondřej Surý)
[2023-02-26] Accepted bind9 1:9.18.12-1~bpo11+1 (source) into bullseye-backports (Bernhard Schmidt)
[2023-02-26] bind9 1:9.18.12-1 MIGRATED to testing (Debian testing watch)
[2023-02-16] Accepted bind9 1:9.19.10-1 (source) into experimental (Ondřej Surý)
[2023-02-15] Accepted bind9 1:9.18.12-1 (source) into unstable (Ondřej Surý)
[2023-01-31] Accepted bind9 1:9.16.37-1~deb11u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Ondřej Surý)
[2023-01-29] Accepted bind9 1:9.18.11-2~bpo11+1 (source) into bullseye-backports (Bernhard Schmidt)
[2023-01-29] bind9 1:9.18.11-2 MIGRATED to testing (Debian testing watch)
[2023-01-26] Accepted bind9 1:9.18.11-2 (source) into unstable (Ondřej Surý)
[2023-01-26] Accepted bind9 1:9.16.37-1~deb11u1 (source) into stable-security (Debian FTP Masters) (signed by: Ondřej Surý)
[2023-01-25] Accepted bind9 1:9.18.11-1 (source) into unstable (Ondřej Surý)
[2023-01-13] Accepted bind9 1:9.18.10-2~bpo11+1 (source) into bullseye-backports (Bernhard Schmidt)

bugs [bug history graph]

all: 35
RC: 1
I&N: 21
M&W: 13
F&P: 0
patch: 2

links

homepage
lintian (1, 20)
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (100, -)
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:9.18.18-0ubuntu2
59 bugs (5 patches)
patches for 1:9.18.18-0ubuntu2