dnsdist - Debian Package Tracker

general

source: dnsdist (main)
version: 2.0.1-1
maintainer: dnsdist packagers (DMD)
uploaders: Chris Hofstaedtler [DMD]
arch: any
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.5.1-3
oldstable: 1.7.3-2
stable: 1.9.10-1
testing: 2.0.1-1
unstable: 2.0.1-1

versioned links

1.5.1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.7.3-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.9.10-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

dnsdist (1 bugs: 0, 0, 1, 0)

action needed

2 security issues in bullseye high

There are 2 open security issues in bullseye.

1 important issue:

CVE-2025-30193: In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.10 version. A workaround is to restrict the maximum number of queries on incoming TCP connections to a safe value, like 50, via the setMaxTCPQueriesPerConnection setting. We would like to thank Renaud Allard for bringing this issue to our attention.

1 issue postponed or untriaged:

CVE-2023-44487: (needs triaging) The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Created: 2025-05-21 Last update: 2025-10-25 22:00

2 security issues in bookworm high

There are 2 open security issues in bookworm.

1 important issue:

CVE-2025-30193: In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.10 version. A workaround is to restrict the maximum number of queries on incoming TCP connections to a safe value, like 50, via the setMaxTCPQueriesPerConnection setting. We would like to thank Renaud Allard for bringing this issue to our attention.

1 issue left for the package maintainer to handle:

CVE-2023-44487: (needs triaging) The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

You can find information about how to handle this issue in the security team's documentation.

Created: 2023-11-13 Last update: 2025-10-25 22:00

lintian reports 1 error high

Lintian reports 1 error about this package. You should make the package lintian clean getting rid of them.

Created: 2025-09-23 Last update: 2025-09-23 04:31

3 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 79176cdcbd1701af111c9263de236ebd1d553260
Author: Chris Hofstaedtler <zeha@debian.org>
Date:   Tue Oct 21 17:56:16 2025 +0200

    Build with GnuTLS again
    
    To match upstream and give users choice of crypto lib (and quality).

commit 7f5ff9a9753069e8cc03a92bce6e280dbf1dce94
Author: Chris Hofstaedtler <zeha@debian.org>
Date:   Tue Oct 21 17:52:01 2025 +0200

    Add X-Style: black

commit 5060cda1be35800df5ee32b6fb017b695c302413
Author: Chris Hofstaedtler <zeha@debian.org>
Date:   Tue Oct 21 17:51:25 2025 +0200

    Add Recommends: ca-certificates so DoT can perform cert validation

Created: 2025-10-21 Last update: 2025-10-22 01:03

1 open merge request in Salsa normal

There is 1 open merge request for this package on Salsa. You should consider reviewing and/or merging these merge requests.

Created: 2025-10-21 Last update: 2025-10-21 20:34

debian/patches: 1 patch to forward upstream low

Among the 1 debian patch available in version 2.0.1-1 of the package, we noticed the following issues:

1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2025-08-12 Last update: 2025-09-23 07:02

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.5.1).

Created: 2021-08-18 Last update: 2025-09-22 23:32

testing migrations

This package will soon be part of the auto-libsodium transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2025-09-28] dnsdist 2.0.1-1 MIGRATED to testing (Debian testing watch)
[2025-09-22] Accepted dnsdist 2.0.1-1 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2025-09-14] dnsdist 2.0.0-6 MIGRATED to testing (Debian testing watch)
[2025-09-07] Accepted dnsdist 2.0.0-6 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2025-09-06] Accepted dnsdist 2.0.0-5 (source arm64) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2025-09-02] Accepted dnsdist 2.0.0-4 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2025-08-20] dnsdist 2.0.0-3 MIGRATED to testing (Debian testing watch)
[2025-08-12] Accepted dnsdist 2.0.0-3 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2025-07-30] Accepted dnsdist 2.0.0-2 (source) into experimental (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2025-07-21] Accepted dnsdist 2.0.0-1 (source) into experimental (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2025-07-20] Accepted dnsdist 2.0.0~rc2-1 (source) into experimental (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2025-07-12] Accepted dnsdist 2.0.0~rc1-2 (source) into experimental (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2025-07-12] Accepted dnsdist 2.0.0~rc1-1 (source) into experimental (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2025-05-27] dnsdist 1.9.10-1 MIGRATED to testing (Debian testing watch)
[2025-05-21] Accepted dnsdist 1.9.10-1 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2025-05-09] dnsdist 1.9.9-1 MIGRATED to testing (Debian testing watch)
[2025-04-29] Accepted dnsdist 1.9.9-1 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-12-23] dnsdist 1.9.8-1 MIGRATED to testing (Debian testing watch)
[2024-12-17] Accepted dnsdist 1.9.8-1 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-08-02] dnsdist 1.9.6-1 MIGRATED to testing (Debian testing watch)
[2024-07-27] Accepted dnsdist 1.9.6-1 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-07-01] dnsdist 1.9.5-1 MIGRATED to testing (Debian testing watch)
[2024-06-24] Accepted dnsdist 1.9.5-1 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-05-31] dnsdist 1.9.4-1 MIGRATED to testing (Debian testing watch)
[2024-05-25] Accepted dnsdist 1.9.4-1 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-05-03] dnsdist 1.9.3-1 MIGRATED to testing (Debian testing watch)
[2024-04-05] Accepted dnsdist 1.9.3-1 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-04-02] Accepted dnsdist 1.8.3-3 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-01-17] dnsdist 1.8.3-2 MIGRATED to testing (Debian testing watch)
[2024-01-12] Accepted dnsdist 1.8.3-2 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)

bugs [bug history graph]

all: 2
RC: 0
I&N: 1
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian (1, 0)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.9.10-1