bind9: merge with debian's 9.10.3.dfsg.P4-12.6
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| bind9 (Ubuntu) |
Fix Released
|
Low
|
Andreas Hasenack | ||
Bug Description
bind9 (1:9.10.
* Non-maintainer upload.
* Import upcoming DNSSEC KSK-2017 from 9.10.5 (Closes: #860794)
-- Bernhard Schmidt <email address hidden> Fri, 11 Aug 2017 19:10:07 +0200
From the bug:
"""
Hi,
ICANN will roll the DNSSEC root zone KSK in October 2017. DNSSEC-enabled
resolvers will then stop working unless they have the new key configured
to be trusted (note that in the default configuration a running BIND will
learn and store the new key using RFC5011 (managed-keys), but a new
installation will be broken).
The patch attached is generated by diffing ./bind.keys{.h} from BIND 9.10.3-P4
to BIND 9.10.5, where the changelog reads
4564. [maint] Update the built in managed keys to include the
Another way would be Bug#760459, but this will probably be too intrusive for
jessie and stretch.
"""
CVE References
| Changed in bind9 (Ubuntu): | |
| importance: | Undecided → Low |
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in bind9 (Ubuntu): | |
| status: | In Progress → Fix Released |
This bug was fixed in the package bind9 - 1:9.10.
---------------
bind9 (1:9.10.
* Merge with Debian unstable (LP: #1712920). Remaining changes:
- Add RemainAfterExit to bind9-resolvconf unit configuration file
(LP #1536181).
- rules: Fix path to libsofthsm2.so. (LP #1685780)
- d/p/CVE-
introduced with the CVE-2016-8864.patch and fixed in
CVE-
- d/p/CVE-
regression (RT #44318) introduced with the CVE-2016-8864.patch
and fixed in CVE-2016-
- d/control, d/rules: add json support for the statistics channels.
(LP #1669193)
bind9 (1:9.10.
* Non-maintainer upload.
* Import upcoming DNSSEC KSK-2017 from 9.10.5 (Closes: #860794)
-- Andreas Hasenack <email address hidden> Thu, 24 Aug 2017 18:28:00 -0300