Debian Package Tracker - knot-resolver

general

source: knot-resolver (main)
version: 3.2.1-3
maintainer: knot-resolver packagers (DMD)
uploaders: Ondřej Surý [DMD] – Daniel Kahn Gillmor [DMD]
arch: all amd64 armel armhf i386 mips mips64el mipsel ppc64 ppc64el
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

old-bpo: 3.2.1-3~bpo9+1
stable: 3.2.1-3
testing: 3.2.1-3
unstable: 3.2.1-3

versioned links

2.3.0-3~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.2.1-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.2.1-3~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.2.1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

knot-resolver (3 bugs: 0, 2, 1, 0)
knot-resolver-doc
knot-resolver-module-http (1 bugs: 1, 0, 0, 0)

action needed

A new upstream version is available: 4.2.0 high

A new upstream version 4.2.0 is available, you should consider packaging it.

Created: 2019-04-21 Last update: 2019-08-21 22:14

Marked for autoremoval on 27 August due to knot, lua-cqueues: #932048, #925772, #933285, #933917 high

Version 3.2.1-3 of knot-resolver is marked for autoremoval from testing on Tue 27 Aug 2019. It is affected by #932048. The removal of knot-resolver will also cause the removal of (transitive) reverse dependency: hddemux. It depends (transitively) on knot, lua-cqueues, affected by #925772, #933285, #933917. You should try to prevent the removal by fixing these RC bugs.

Created: 2019-07-21 Last update: 2019-08-21 21:46

lintian reports 4 warnings high

Lintian reports 4 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-07-21 Last update: 2019-08-12 06:07

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2019-10191: A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol.
CVE-2019-10190: A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of sending a SERVFAIL packet. Caching is not affected by this particular bug but see CVE-2019-10191.

Please fix them.

Created: 2019-07-14 Last update: 2019-07-26 08:23

2 security issues in buster high

There are 2 open security issues in buster.

2 important issues:

CVE-2019-10191: A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol.
CVE-2019-10190: A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of sending a SERVFAIL packet. Caching is not affected by this particular bug but see CVE-2019-10191.

Please fix them.

Created: 2019-07-14 Last update: 2019-07-26 08:23

2 security issues in bullseye high

There are 2 open security issues in bullseye.

2 important issues:

CVE-2019-10191: A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol.
CVE-2019-10190: A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of sending a SERVFAIL packet. Caching is not affected by this particular bug but see CVE-2019-10191.

Please fix them.

Created: 2019-07-14 Last update: 2019-07-26 08:23

5 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 1ca57be9efc01300a600f69afa5611c0ff4aa51e
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Thu Apr 11 12:41:27 2019 -0400

    knot-resolver Recommends: lua-cqueues (Closes: #926771)

commit 636e0d10087cfb49821888eda834e60ec174f111
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Sun Mar 24 15:21:39 2019 +0100

    note goal of aligning sysvinit script with systemd mechanism

commit 022f54398fc12f59ece9809e7d853933a53915bc
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Sun Mar 24 15:08:15 2019 +0100

    kresd.conf: include comments similar to upstream

commit f09c258b34da870372a1baa6715b83468d167386
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Sun Mar 24 12:20:29 2019 +0100

    bring debian/TODO: bring up to date
    
    i've raised the concerns about warnings and linker dependencies
    upstream already.  I've also dropped the attempt to split out the
    library packaging since that does not appear to be functional.

commit 6c9d727f0979bbc1da1e007f5f266362ce6e5d61
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Sun Mar 24 12:13:20 2019 +0100

    Adopt preferred upstream name "Knot Resolver"
    
    Upstream apparently prefers the name "Knot Resolver" over "Knot DNS
    Resolver".  We should keep our messaging consistent with theirs.

Created: 2019-04-11 Last update: 2019-08-16 21:04

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.0 instead of 4.3.0).

Created: 2019-07-08 Last update: 2019-07-08 20:09

news

[rss feed]

[2019-03-24] Accepted knot-resolver 3.2.1-3~bpo9+1 (source) into stretch-backports->backports-policy, stretch-backports (Daniel Kahn Gillmor)
[2019-03-24] knot-resolver 3.2.1-3 MIGRATED to testing (Debian testing watch)
[2019-03-08] Accepted knot-resolver 3.2.1-3 (source) into unstable (Daniel Kahn Gillmor)
[2019-03-08] Accepted knot-resolver 3.2.1-2 (source) into unstable (Daniel Kahn Gillmor)
[2019-03-07] Accepted knot-resolver 3.2.1-1~bpo9+1 (source amd64 all) into stretch-backports, stretch-backports (Daniel Kahn Gillmor)
[2019-03-03] knot-resolver 3.2.1-1 MIGRATED to testing (Debian testing watch)
[2019-02-21] Accepted knot-resolver 3.2.1-1 (source) into unstable (Ondřej Surý)
[2018-12-31] knot-resolver 3.2.0-1 MIGRATED to testing (Debian testing watch)
[2018-12-23] Accepted knot-resolver 3.2.0-1 (source amd64 all) into unstable, unstable (Daniel Kahn Gillmor)
[2018-12-01] knot-resolver 3.1.0-1 MIGRATED to testing (Debian testing watch)
[2018-11-20] Accepted knot-resolver 3.1.0-1 (source) into unstable (Daniel Kahn Gillmor)
[2018-11-06] knot-resolver 3.0.0-9 MIGRATED to testing (Debian testing watch)
[2018-09-13] knot-resolver REMOVED from testing (Debian testing watch)
[2018-09-12] Accepted knot-resolver 3.0.0-9 (source) into unstable (Daniel Kahn Gillmor)
[2018-09-12] Accepted knot-resolver 3.0.0-8 (source) into unstable (Daniel Kahn Gillmor)
[2018-09-12] Accepted knot-resolver 3.0.0-7 (source) into unstable (Daniel Kahn Gillmor)
[2018-09-05] Accepted knot-resolver 3.0.0-6 (source) into unstable (Daniel Kahn Gillmor)
[2018-09-01] Accepted knot-resolver 3.0.0-5 (source) into unstable (Daniel Kahn Gillmor)
[2018-08-31] Accepted knot-resolver 3.0.0-4 (source) into unstable (Daniel Kahn Gillmor)
[2018-08-31] Accepted knot-resolver 3.0.0-3 (source) into unstable (Daniel Kahn Gillmor)
[2018-08-30] Accepted knot-resolver 3.0.0-2 (source) into unstable (Daniel Kahn Gillmor)
[2018-08-28] Accepted knot-resolver 3.0.0-1 (source amd64 all) into unstable, unstable (Daniel Kahn Gillmor)
[2018-08-27] Accepted knot-resolver 2.4.1-1 (source) into unstable (Daniel Kahn Gillmor)
[2018-05-30] knot-resolver 2.3.0-4 MIGRATED to testing (Debian testing watch)
[2018-05-29] Accepted knot-resolver 2.3.0-3~bpo9+1 (source amd64 all) into stretch-backports, stretch-backports (Daniel Kahn Gillmor)
[2018-05-24] Accepted knot-resolver 2.3.0-4 (source) into unstable (Daniel Kahn Gillmor)
[2018-05-21] knot-resolver 2.3.0-3 MIGRATED to testing (Debian testing watch)
[2018-05-14] Accepted knot-resolver 2.3.0-3 (source) into unstable (Daniel Kahn Gillmor)
[2018-05-05] knot-resolver REMOVED from testing (Debian testing watch)
[2018-05-02] knot-resolver 2.3.0-2 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 8
RC: 2
I&N: 5
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian (0, 4)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.2.0-1
3 bugs