Comment 4 for bug 2040359

This bug was fixed in the package bind9 - 1:9.18.21-0ubuntu1

---------------
bind9 (1:9.18.21-0ubuntu1) noble; urgency=medium

  * New upstream release 9.18.21 (LP: #2040359)
    - Updates:
      + Update IP addresses for B.ROOT-SERVERS.NET to 170.247.170.2 and
        2801:1b8:10::b.
      + Honor nsupdate -v option when server command specified by sending both
        the UPDATE request and the initial query over TCP.
      + Mark cookie-algorithm aes as deprecated, use SipHash-2-4, instead.
      + Mark resolver-nonbackoff-tries and resolver-retry-interval as
        deprecated.
      + Mark dnssec-must-be-secure as deprecated.
    - Bug Fixes:
      + Do not schedule unsigned versions of inline-signed zones containing
        DNSSEC records for resigning.
      + Take local authoritative data into account when looking up stale cache
        data.
      + Fix use of named -X and lock-file at the same time.
      + Fix improper lock-file removal.
      + Fix bound checking in Content-Length header in the statistics channel.
      + Fix memory leaks from not clearing the OpenSSL error stack.
      + Fix SERVFAIL responses from introduction of krb5-subdomain-self-rhs and
        ms-subdomain-self-rhs update policies.
      + Fix stale-refresh-time feature being disabled by cache flush.
      + Fix DNS message corruption from partial writes.
    - See https://bind9.readthedocs.io/en/v9.18.21/notes.html for additional
      information
  * d/p/CVE-2023-3341.patch, d/p/CVE-2023-4236.patch: Remove - fixed by
    upstream in version 9.18.19
  * d/p/always-use-standard-library-stdatomic.patch: Maintain use of the
    standard library stdatomic.h

 -- Lena Voytek <email address hidden> Thu, 25 Jan 2024 08:37:15 -0700