dnsjava - Debian Package Tracker

general

source: dnsjava (main)
version: 2.1.8-2
maintainer: Debian Java Maintainers (archive) (DMD)
uploaders: Kyo Lee [DMD] – Chris Grzegorczyk [DMD] – Graziano Obertelli [DMD]
arch: all
std-ver: 4.1.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.1.8-2
oldstable: 2.1.8-2
stable: 2.1.8-2
unstable: 2.1.8-2

versioned links

2.1.8-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libdnsjava-java

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In watchfile debian/watch, reading webpage
  http://www.dnsjava.org/download/ failed: 404 Not Found

Created: 2020-06-29 Last update: 2024-11-21 07:30

3 security issues in sid high

There are 3 open security issues in sid.

3 important issues:

CVE-2023-50387: Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
CVE-2023-50868: The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
CVE-2024-25638: dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.

Created: 2024-07-23 Last update: 2024-09-23 23:03

3 security issues in trixie high

There are 3 open security issues in trixie.

3 important issues:

CVE-2023-50387: Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
CVE-2023-50868: The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
CVE-2024-25638: dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.

Created: 2024-07-23 Last update: 2024-08-15 08:30

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2024-09-13 Last update: 2024-11-21 09:32

Multiarch hinter reports 1 issue(s) normal

There are issues with the multiarch metadata for this package.

libdnsjava-java could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2024-11-21 08:30

lintian reports 4 warnings normal

Lintian reports 4 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2022-07-30 12:12

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2024-25638: (needs triaging) dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.

You can find information about how to handle this issue in the security team's documentation.

2 issues that should be fixed with the next stable update:

CVE-2023-50387: Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
CVE-2023-50868: The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.

Created: 2024-07-23 Last update: 2024-09-23 23:03

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.0 instead of 4.1.3).

Created: 2018-04-16 Last update: 2024-04-07 13:14

testing migrations

excuses:
- Migration status for dnsjava (- to 2.1.8-2): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ Updating dnsjava would introduce bugs in testing: #1077368, #1077750, #1077751
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/d/dnsjava.html
- ∙ ∙ Reproducible on amd64 - info ♻
- ∙ ∙ Reproducible on arm64 - info ♻
- ∙ ∙ Reproducible on armhf - info ♻
- ∙ ∙ Reproducible on i386 - info ♻
- ∙ ∙ 2445 days old (needed 5 days)
- Not considered

news

[rss feed]

[2024-09-14] dnsjava REMOVED from testing (Debian testing watch)
[2018-03-18] dnsjava 2.1.8-2 MIGRATED to testing (Debian testing watch)
[2018-03-12] Accepted dnsjava 2.1.8-2 (source) into unstable (Emmanuel Bourg)
[2017-01-19] dnsjava 2.1.8-1 MIGRATED to testing (Debian testing watch)
[2017-01-08] Accepted dnsjava 2.1.8-1 (source all) into unstable (Emmanuel Bourg)
[2016-01-11] dnsjava 2.1.7+dfsg-1 MIGRATED to testing (Debian testing watch)
[2016-01-05] Accepted dnsjava 2.1.7+dfsg-1 (source all) into unstable (Emmanuel Bourg)
[2016-01-03] dnsjava REMOVED from testing (Debian testing watch)
[2015-04-27] dnsjava 2.1.7-0.1 MIGRATED to testing (Britney)
[2015-04-13] Accepted dnsjava 2.1.7-0.1 (source all) into unstable (Damian Minkov) (signed by: Raphaël Hertzog)
[2013-08-06] dnsjava 2.1.5-0.1 MIGRATED to testing (Debian testing watch)
[2013-07-26] Accepted dnsjava 2.1.5-0.1 (source all) (Damian Minkov) (signed by: Raphaël Hertzog)
[2013-07-08] dnsjava REMOVED from testing (Debian testing watch)
[2013-05-05] dnsjava 2.1.4-0.1 MIGRATED to testing (Debian testing watch)
[2013-03-26] Accepted dnsjava 2.1.4-0.1 (source all) (Damian Minkov) (signed by: Raphaël Hertzog)
[2010-01-08] dnsjava 2.0.8-1 MIGRATED to testing (Debian testing watch)
[2009-12-28] Accepted dnsjava 2.0.8-1 (source all) (Chris Grzegorczyk)

bugs [bug history graph]

all: 3
RC: 3
I&N: 0
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 4)
buildd: logs
popcon
browse source code
edit tags
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.1.8-2
1 bug