Change log for bind9 package in Ubuntu

175 of 312 results
Published in disco-release on 2018-12-15
Deleted in disco-proposed (Reason: moved to release)
bind9 (1:9.11.5+dfsg-1ubuntu1) disco; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - Build without lmdb support as that package is in Universe
    - Don't build dnstap as it depends on universe packages:
      + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
        protobuf-c-compiler (universe packages)
      + d/dnsutils.install: don't install dnstap
      + d/libdns1104.symbols: don't include dnstap symbols
      + d/rules: don't build dnstap nor install dnstap.proto
  * Dropped:
    - SECURITY UPDATE: denial of service crash when deny-answer-aliases
      option is used
      + debian/patches/CVE-2018-5740-1.patch: explicit DNAME query could
        trigger a crash if deny-answer-aliases was set
      + debian/patches/CVE-2018-5740-2.patch: add tests
      + debian/patches/CVE-2018-5740-3.patch: caclulate nlabels and set
        chainingp correctly, add test
      + CVE-2018-5740
        [Fixed in new upstream version 9.11.5]
    - d/extras/apparmor.d/usr.sbin.named: add missing comma at the end of the
      line (Closes: #904983)
      [Fixed in 1:9.11.4+dfsg-4]
    - Add a patch to fix named-pkcs11 crashing on startup. (LP #1769440)
      [Fixed in 1:9.11.4.P1+dfsg-1]
    - Cherrypick from debian: Add new dst__openssleddsa_init optional symbol
      (it depends on OpenSSL version) (Closes: #897643)
      [Fixed in 1:9.11.4.P1+dfsg-1]
  * Added:
    - d/p/enable-udp-in-host-command.diff: fix parsing of the -U command line
      option (LP: #1804648)
    - d/p/fix-shutdown-race.diff: dig/host/nslookup could crash when interrupted
      close to a query timeout (LP: #1797926)
    - d/t/simpletest: drop the internetsociety.org test as it requires
      network egress access that is not available in the Ubuntu autopkgtest
      farm.

Published in bionic-updates on 2018-11-19
Deleted in bionic-proposed (Reason: moved to -updates)
bind9 (1:9.11.3+dfsg-1ubuntu1.3) bionic; urgency=medium

  [ Karl Stenerud ]
  * d/p/skip-rtld-deepbind-for-dyndb.diff: fix named-pkcs11 crashing on
    startup. Thanks to Petr Menšík <email address hidden> (LP: #1769440)

 -- Andreas Hasenack <email address hidden>  Wed, 10 Oct 2018 14:33:34 -0300
Superseded in disco-release on 2018-12-15
Published in cosmic-release on 2018-10-04
Deleted in cosmic-proposed (Reason: moved to release)
bind9 (1:9.11.4+dfsg-3ubuntu5) cosmic; urgency=high

  * No change rebuild against openssl 1.1.1 with TLS 1.3 support.

 -- Dimitri John Ledkov <email address hidden>  Sat, 29 Sep 2018 01:36:45 +0100
Superseded in cosmic-release on 2018-10-04
Deleted in cosmic-proposed on 2018-10-05 (Reason: moved to release)
bind9 (1:9.11.4+dfsg-3ubuntu4) cosmic; urgency=medium

  * SECURITY UPDATE: denial of service crash when deny-answer-aliases
    option is used
    - debian/patches/CVE-2018-5740-1.patch: explicit DNAME query could
      trigger a crash if deny-answer-aliases was set
    - debian/patches/CVE-2018-5740-2.patch: add tests
    - debian/patches/CVE-2018-5740-3.patch: caclulate nlabels and set
      chainingp correctly, add test
    - CVE-2018-5740

 -- Marc Deslauriers <email address hidden>  Thu, 20 Sep 2018 11:11:05 +0200
Published in xenial-updates on 2018-09-20
Published in xenial-security on 2018-09-20
bind9 (1:9.10.3.dfsg.P4-8ubuntu1.11) xenial-security; urgency=medium

  * SECURITY UPDATE: denial of service crash when deny-answer-aliases
    option is used
    - debian/patches/CVE-2018-5740.patch: explicit DNAME query could
      trigger a crash if deny-answer-aliases was set
    - CVE-2018-5740

 -- Marc Deslauriers <email address hidden>  Wed, 19 Sep 2018 14:18:30 +0200
Published in trusty-updates on 2018-09-20
Published in trusty-security on 2018-09-20
bind9 (1:9.9.5.dfsg-3ubuntu0.18) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service crash when deny-answer-aliases
    option is used
    - lib/dns/resolver.c: explicit DNAME query could trigger a crash if
      deny-answer-aliases was set
    - Patch backported from 9.9.13-P1.
    - CVE-2018-5740

 -- Marc Deslauriers <email address hidden>  Wed, 19 Sep 2018 14:23:16 +0200
Superseded in cosmic-release on 2018-09-20
Deleted in cosmic-proposed on 2018-09-21 (Reason: moved to release)
bind9 (1:9.11.4+dfsg-3ubuntu3) cosmic; urgency=medium

  * Cherrypick from debian: Add new dst__openssleddsa_init optional symbol
    (it depends on OpenSSL version) (Closes: #897643)

 -- Dimitri John Ledkov <email address hidden>  Tue, 18 Sep 2018 10:39:12 +0200
Superseded in cosmic-release on 2018-09-18
Deleted in cosmic-proposed on 2018-09-19 (Reason: moved to release)
bind9 (1:9.11.4+dfsg-3ubuntu2) cosmic; urgency=medium

  * d/p/skip-rtld-deepbind-for-dyndb.diff: Add a patch to fix named-pkcs11
    crashing on startup. (LP: #1769440)

 -- Karl Stenerud <email address hidden>  Thu, 30 Aug 2018 07:11:39 -0700
Superseded in bionic-updates on 2018-11-19
Published in bionic-security on 2018-09-20
bind9 (1:9.11.3+dfsg-1ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: denial of service crash when deny-answer-aliases
    option is used
    - debian/patches/CVE-2018-5740-1.patch: explicit DNAME query could
      trigger a crash if deny-answer-aliases was set
    - debian/patches/CVE-2018-5740-2.patch: add tests
    - debian/patches/CVE-2018-5740-3.patch: caclulate nlabels and set
      *chainingp correctly, add test
    - CVE-2018-5740

 -- Steve Beattie <email address hidden>  Thu, 09 Aug 2018 23:26:07 -0700
Superseded in cosmic-release on 2018-09-05
Deleted in cosmic-proposed on 2018-09-06 (Reason: moved to release)
bind9 (1:9.11.4+dfsg-3ubuntu1) cosmic; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - Build without lmdb support as that package is in Universe
  * Added:
    - Don't build dnstap as it depends on universe packages:
      + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
        protobuf-c-compiler (universe packages)
      + d/dnsutils.install: don't install dnstap
      + d/libdns1102.symbols: don't include dnstap symbols
      + d/rules: don't build dnstap
    - d/extras/apparmor.d/usr.sbin.named: add missing comma at the end of the
      line (Closes: #904983)

Superseded in cosmic-release on 2018-08-01
Deleted in cosmic-proposed on 2018-08-05 (Reason: moved to release)
bind9 (1:9.11.3+dfsg-2ubuntu1) cosmic; urgency=medium

  * Merge with Debian unstable (LP: #1777935). Remaining changes:
    - Build without lmdb support as that package is in Universe
  * Drop:
    - SECURITY UPDATE: improperly permits recursive query service
      + debian/patches/CVE-2018-5738.patch: fix configure_view_acl() handling
        in bin/named/server.c.
      + CVE-2018-5738
      [Applied in Debian's 1:9.11.3+dfsg-2]

Superseded in cosmic-release on 2018-06-21
Deleted in cosmic-proposed on 2018-06-22 (Reason: moved to release)
bind9 (1:9.11.3+dfsg-1ubuntu2) cosmic; urgency=medium

  * SECURITY UPDATE: improperly permits recursive query service
    - debian/patches/CVE-2018-5738.patch: fix configure_view_acl() handling
      in bin/named/server.c.
    - CVE-2018-5738

 -- Marc Deslauriers <email address hidden>  Mon, 11 Jun 2018 09:41:51 -0400
Superseded in bionic-updates on 2018-09-20
Superseded in bionic-security on 2018-09-20
bind9 (1:9.11.3+dfsg-1ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: improperly permits recursive query service
    - debian/patches/CVE-2018-5738.patch: fix configure_view_acl() handling
      in bin/named/server.c.
    - CVE-2018-5738

 -- Marc Deslauriers <email address hidden>  Mon, 11 Jun 2018 09:41:51 -0400
Superseded in cosmic-release on 2018-06-13
Published in bionic-release on 2018-04-18
Deleted in bionic-proposed (Reason: moved to release)
bind9 (1:9.11.3+dfsg-1ubuntu1) bionic; urgency=low

  * New upstream release. (LP: #1763572)
    - fix a crash when configured with ipa-dns-install
  * Merge from Debian unstable.  Remaining changes:
    - Build without lmdb support as that package is in Universe

Superseded in bionic-release on 2018-04-18
Deleted in bionic-proposed on 2018-04-19 (Reason: moved to release)
bind9 (1:9.11.2.P1-1ubuntu5) bionic; urgency=medium

  * debian/patches/nsupdate-gssapi-fails-ad-45854.patch: fix updating
    DNS records in Microsoft AD using GSSAPI.  Thanks to Mark Andrews
    <email address hidden>. (LP: #1755439)

 -- Andreas Hasenack <email address hidden>  Fri, 16 Mar 2018 09:38:46 -0300
Superseded in bionic-release on 2018-03-22
Deleted in bionic-proposed on 2018-03-23 (Reason: moved to release)
bind9 (1:9.11.2.P1-1ubuntu4) bionic; urgency=medium

  * Fix apparmor profile filename (LP: #1754981)

 -- Andreas Hasenack <email address hidden>  Thu, 15 Mar 2018 10:06:57 -0300
Superseded in bionic-release on 2018-03-15
Deleted in bionic-proposed on 2018-03-17 (Reason: moved to release)
bind9 (1:9.11.2.P1-1ubuntu3) bionic; urgency=high

  * No change rebuild against openssl1.1.

 -- Dimitri John Ledkov <email address hidden>  Tue, 06 Feb 2018 12:14:22 +0000
Superseded in bionic-release on 2018-02-08
Deleted in bionic-proposed on 2018-02-10 (Reason: moved to release)
bind9 (1:9.11.2.P1-1ubuntu2) bionic; urgency=medium

  * Build without lmdb support as that package is in Universe (LP: #1746296)
    - d/control: remove Build-Depends on liblmdb-dev
    - d/rules: configure --without-lmdb
    - d/bind9.install: drop named-nzd2nzf and named-nzd2nzf.8 as it requires
      lmdb.

 -- Andreas Hasenack <email address hidden>  Tue, 30 Jan 2018 15:21:23 -0200
Superseded in bionic-proposed on 2018-01-30
bind9 (1:9.11.2.P1-1ubuntu1) bionic; urgency=medium

  * Merge with Debian unstable (LP: #1744930).
  * Drop:
    - Add RemainAfterExit to bind9-resolvconf unit configuration file
      (LP #1536181).
      [fixed in 1:9.10.6+dfsg-4]
    - rules: Fix path to libsofthsm2.so. (LP #1685780)
      [adopted in 1:9.10.6+dfsg-5]
    - d/p/CVE-2016-8864-regression-test.patch: tests for the regression
      introduced with the CVE-2016-8864.patch and fixed in
      CVE-2016-8864-regression.patch.
      [applied upstream]
    - d/p/CVE-2016-8864-regression2-test.patch: tests for the second
      regression (RT #44318) introduced with the CVE-2016-8864.patch
      and fixed in CVE-2016-8864-regression2.patch.
      [applied upstream]
    - d/control, d/rules: add json support for the statistics channels.
      (LP #1669193)
      [adopted in 1:9.10.6+dfsg-5]
  * d/p/add-ply-dependency-to-python-scripts.patch: setup.py is missing
    listing the python ply module as a dependency (Closes: #888463)

Published in artful-updates on 2018-01-17
Published in artful-security on 2018-01-17
bind9 (1:9.10.3.dfsg.P4-12.6ubuntu1.1) artful-security; urgency=medium

  * SECURITY UPDATE: assertion failure via improper cleanup
    - debian/patches/CVE-2017-3145.patch: fix cleanup handling in
      lib/dns/resolver.c.
    - CVE-2017-3145

 -- Marc Deslauriers <email address hidden>  Tue, 16 Jan 2018 07:24:33 -0500
Superseded in xenial-updates on 2018-09-20
Superseded in xenial-security on 2018-09-20
bind9 (1:9.10.3.dfsg.P4-8ubuntu1.10) xenial-security; urgency=medium

  * SECURITY UPDATE: assertion failure via improper cleanup
    - debian/patches/CVE-2017-3145.patch: fix cleanup handling in
      lib/dns/resolver.c.
    - CVE-2017-3145

 -- Marc Deslauriers <email address hidden>  Tue, 16 Jan 2018 07:27:16 -0500
Superseded in trusty-updates on 2018-09-20
Superseded in trusty-security on 2018-09-20
bind9 (1:9.9.5.dfsg-3ubuntu0.17) trusty-security; urgency=medium

  * SECURITY UPDATE: assertion failure via improper cleanup
    - lib/dns/resolver.c: fix cleanup handling.
    - Patch backported from 9.9.11-P1.
    - CVE-2017-3145

 -- Marc Deslauriers <email address hidden>  Tue, 16 Jan 2018 07:29:46 -0500
Obsolete in zesty-updates on 2018-06-22
Deleted in zesty-proposed on 2018-06-22 (Reason: moved to -updates)
bind9 (1:9.10.3.dfsg.P4-10.1ubuntu5.3) zesty; urgency=medium

  * d/bind9.service: source the defaults file and start the daemon with the
    options set there (LP: #1565060).

 -- Andreas Hasenack <email address hidden>  Mon, 06 Nov 2017 17:41:19 -0200
Superseded in xenial-updates on 2018-01-17
Deleted in xenial-proposed on 2018-01-18 (Reason: moved to -updates)
bind9 (1:9.10.3.dfsg.P4-8ubuntu1.9) xenial; urgency=medium

  * d/bind9.service: source the defaults file and start the daemon with the
    options set there (LP: #1565060).

 -- Andreas Hasenack <email address hidden>  Mon, 06 Nov 2017 17:26:27 -0200
Superseded in zesty-updates on 2017-11-16
Obsolete in zesty-security on 2018-06-22
bind9 (1:9.10.3.dfsg.P4-10.1ubuntu5.2) zesty-security; urgency=medium

  * SECURITY REGRESSION: regression in last security update
    - debian/patches/CVE-2017-3142-regression.patch: fix verification of
      TSIG signed TCP message sequences where not all the messages contain
      TSIG records in lib/dns/tsig.c, aded test to
      lib/dns/tests/Makefile.in, lib/dns/tests/tsig_test.c.
  * debian/patches/update_keys.patch: Update the built in managed keys to
    include the upcoming root KSK in bind.keys, bind.keys.h.

 -- Marc Deslauriers <email address hidden>  Fri, 15 Sep 2017 07:42:53 -0400
Superseded in xenial-updates on 2017-11-16
Superseded in xenial-security on 2018-01-17
bind9 (1:9.10.3.dfsg.P4-8ubuntu1.8) xenial-security; urgency=medium

  * SECURITY REGRESSION: regression in last security update
    - debian/patches/CVE-2017-3142-regression.patch: fix verification of
      TSIG signed TCP message sequences where not all the messages contain
      TSIG records in lib/dns/tsig.c, aded test to
      lib/dns/tests/Makefile.in, lib/dns/tests/tsig_test.c.
  * debian/patches/update_keys.patch: Update the built in managed keys to
    include the upcoming root KSK in bind.keys, bind.keys.h.

 -- Marc Deslauriers <email address hidden>  Fri, 15 Sep 2017 07:50:24 -0400
Superseded in trusty-updates on 2018-01-17
Superseded in trusty-security on 2018-01-17
bind9 (1:9.9.5.dfsg-3ubuntu0.16) trusty-security; urgency=medium

  * SECURITY REGRESSION: regression in last security update
    - fix verification of TSIG signed TCP message sequences where not all
      the messages contain TSIG records in lib/dns/tsig.c, aded test to
      lib/dns/tests/Makefile.in, lib/dns/tests/tsig_test.c.
    - 6fcdcabc11f18eb128167f7f7eca4a244bf75c52
  * Update the built in managed keys to include the upcoming root KSK in
    bind.keys, bin/named/bind.keys.h.
    - 9543825c155c5c5ec42cc4d95fe6f0d52ef9b0a7

 -- Marc Deslauriers <email address hidden>  Fri, 15 Sep 2017 07:53:57 -0400
Superseded in bionic-release on 2018-02-02
Published in artful-release on 2017-09-19
Deleted in artful-proposed (Reason: moved to release)
bind9 (1:9.10.3.dfsg.P4-12.6ubuntu1) artful; urgency=medium

  * Merge with Debian unstable (LP: #1712920). Remaining changes:
    - Add RemainAfterExit to bind9-resolvconf unit configuration file
      (LP #1536181).
    - rules: Fix path to libsofthsm2.so. (LP #1685780)
    - d/p/CVE-2016-8864-regression-test.patch: tests for the regression
      introduced with the CVE-2016-8864.patch and fixed in
      CVE-2016-8864-regression.patch.
    - d/p/CVE-2016-8864-regression2-test.patch: tests for the second
      regression (RT #44318) introduced with the CVE-2016-8864.patch
      and fixed in CVE-2016-8864-regression2.patch.
    - d/control, d/rules: add json support for the statistics channels.
      (LP #1669193)

Superseded in artful-release on 2017-09-19
Deleted in artful-proposed on 2017-09-21 (Reason: moved to release)
bind9 (1:9.10.3.dfsg.P4-12.5ubuntu1) artful; urgency=medium

  * Merge with Debian unstable (LP: #1701687). Remaining changes:
    - Add RemainAfterExit to bind9-resolvconf unit configuration file
      (LP #1536181).
    - rules: Fix path to libsofthsm2.so. (LP #1685780)
  * Drop:
    - SECURITY UPDATE: denial of service via assertion failure
      + debian/patches/CVE-2016-2776.patch: properly handle lengths in
        lib/dns/message.c.
      + CVE-2016-2776
      + [Fixed in Debian 1:9.10.3.dfsg.P4-11]
    - SECURITY UPDATE: assertion failure via class mismatch
      + debian/patches/CVE-2016-9131.patch: properly handle certain TKEY
        records in lib/dns/resolver.c.
      + CVE-2016-9131
      + [Fixed in Debian 1:9.10.3.dfsg.P4-11]
    - SECURITY UPDATE: assertion failure via inconsistent DNSSEC information
      + debian/patches/CVE-2016-9147.patch: fix logic when records are
        returned without the requested data in lib/dns/resolver.c.
      + CVE-2016-9147
      + [Fixed in Debian 1:9.10.3.dfsg.P4-11]
    - SECURITY UPDATE: assertion failure via unusually-formed DS record
      + debian/patches/CVE-2016-9444.patch: handle missing RRSIGs in
        lib/dns/message.c, lib/dns/resolver.c.
      + CVE-2016-9444
      + [Fixed in Debian 1:9.10.3.dfsg.P4-11]
    - SECURITY UPDATE: regression in CVE-2016-8864
      + debian/patches/rt43779.patch: properly handle CNAME -> DNAME in
        responses in lib/dns/resolver.c, added tests to
        bin/tests/system/dname/ns2/example.db,
        bin/tests/system/dname/tests.sh.
      + No CVE number
      + [Fixed in Debian 1:9.10.3.dfsg.P4-11 and 1:9.10.3.dfsg.P4-12]
    - SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing
      a NULL pointer
      + debian/patches/CVE-2017-3135.patch: properly handle dns64 and rpz
        combination in bin/named/query.c, lib/dns/message.c,
        lib/dns/rdataset.c.
      + CVE-2017-3135
      + [Fixed in Debian 1:9.10.3.dfsg.P4-12]
    - SECURITY UPDATE: regression in CVE-2016-8864
      + debian/patches/rt44318.patch: synthesised CNAME before matching DNAME
        was still being cached when it should have been in lib/dns/resolver.c,
        added tests to bin/tests/system/dname/ans3/ans.pl,
        bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh.
      + No CVE number
      + [Fixed in Debian 1:9.10.3.dfsg.P4-12]
    - SECURITY UPDATE: Denial of Service due to an error handling
      synthesized records when using DNS64 with "break-dnssec yes;"
      + debian/patches/CVE-2017-3136.patch: reset noqname if query_dns64()
        called.
      + CVE-2017-3136
      + [Fixed in Debian 1:9.10.3.dfsg.P4-12.3]
    - SECURITY UPDATE: Denial of Service due to resolver terminating when
      processing a response packet containing a CNAME or DNAME
      + debian/patches/CVE-2017-3137.patch: don't expect a specific
        ordering of answer components; add testcases.
      + CVE-2017-3137
      + [Fixed in Debian 1:9.10.3.dfsg.P4-12.3 with 3 patch files]
    - SECURITY UPDATE: Denial of Service when receiving a null command on
      the control channel
      + debian/patches/CVE-2017-3138.patch: don't throw an assert if no
        command token is given; add testcase.
      + CVE-2017-3138
      + [Fixed in Debian 1:9.10.3.dfsg.P4-12.3]
    - SECURITY UPDATE: TSIG authentication issues
      + debian/patches/CVE-2017-3042,3043.patch: fix TSIG logic in
        lib/dns/dnssec.c, lib/dns/message.c, lib/dns/tsig.c.
      + CVE-2017-3142
      + CVE-2017-3143
      + [Fixed in Debian 1:9.10.3.dfsg.P4-12.4]
  * d/p/CVE-2016-8864-regression-test.patch: tests for the regression
    introduced with the CVE-2016-8864.patch and fixed in
    CVE-2016-8864-regression.patch.
  * d/p/CVE-2016-8864-regression2-test.patch: tests for the second
    regression (RT #44318) introduced with the CVE-2016-8864.patch
    and fixed in CVE-2016-8864-regression2.patch.
  * d/control, d/rules: add json support for the statistics channels.
    (LP: #1669193)

 -- Andreas Hasenack <email address hidden>  Fri, 11 Aug 2017 17:12:09 -0300
Superseded in artful-release on 2017-08-17
Deleted in artful-proposed on 2017-08-18 (Reason: moved to release)
bind9 (1:9.10.3.dfsg.P4-10.1ubuntu7) artful; urgency=medium

  * SECURITY UPDATE: TSIG authentication issues
    - debian/patches/CVE-2017-3042,3043.patch: fix TSIG logic in
      lib/dns/dnssec.c, lib/dns/message.c, lib/dns/tsig.c.
    - CVE-2017-3142
    - CVE-2017-3143

 -- Marc Deslauriers <email address hidden>  Mon, 03 Jul 2017 09:48:13 -0400
Superseded in xenial-updates on 2017-09-18
Superseded in xenial-security on 2017-09-18
bind9 (1:9.10.3.dfsg.P4-8ubuntu1.7) xenial-security; urgency=medium

  * SECURITY UPDATE: TSIG authentication issues
    - debian/patches/CVE-2017-3042,3043.patch: fix TSIG logic in
      lib/dns/dnssec.c, lib/dns/message.c, lib/dns/tsig.c.
    - CVE-2017-3142
    - CVE-2017-3143

 -- Marc Deslauriers <email address hidden>  Thu, 29 Jun 2017 07:51:25 -0400
Superseded in zesty-updates on 2017-09-18
Superseded in zesty-security on 2017-09-18
bind9 (1:9.10.3.dfsg.P4-10.1ubuntu5.1) zesty-security; urgency=medium

  * SECURITY UPDATE: TSIG authentication issues
    - debian/patches/CVE-2017-3042,3043.patch: fix TSIG logic in
      lib/dns/dnssec.c, lib/dns/message.c, lib/dns/tsig.c.
    - CVE-2017-3142
    - CVE-2017-3143

 -- Marc Deslauriers <email address hidden>  Thu, 29 Jun 2017 07:34:07 -0400
Obsolete in yakkety-updates on 2018-01-23
Obsolete in yakkety-security on 2018-01-23
bind9 (1:9.10.3.dfsg.P4-10.1ubuntu1.7) yakkety-security; urgency=medium

  * SECURITY UPDATE: TSIG authentication issues
    - debian/patches/CVE-2017-3042,3043.patch: fix TSIG logic in
      lib/dns/dnssec.c, lib/dns/message.c, lib/dns/tsig.c.
    - CVE-2017-3142
    - CVE-2017-3143

 -- Marc Deslauriers <email address hidden>  Thu, 29 Jun 2017 07:50:47 -0400
Superseded in trusty-updates on 2017-09-18
Superseded in trusty-security on 2017-09-18
bind9 (1:9.9.5.dfsg-3ubuntu0.15) trusty-security; urgency=medium

  * SECURITY UPDATE: TSIG authentication issues
    - lib/dns/dnssec.c, lib/dns/message.c, lib/dns/tsig.c: fix TSIG logic.
    - CVE-2017-3142
    - CVE-2017-3143

 -- Marc Deslauriers <email address hidden>  Thu, 29 Jun 2017 08:11:53 -0400
Superseded in artful-release on 2017-07-11
Deleted in artful-proposed on 2017-07-12 (Reason: moved to release)
bind9 (1:9.10.3.dfsg.P4-10.1ubuntu6) artful; urgency=medium

  * rules: Fix path to libsofthsm2.so. (LP: #1685780)

 -- Timo Aaltonen <email address hidden>  Mon, 24 Apr 2017 15:01:30 +0300
Superseded in yakkety-updates on 2017-06-29
Superseded in yakkety-security on 2017-06-29
bind9 (1:9.10.3.dfsg.P4-10.1ubuntu1.6) yakkety-security; urgency=medium

  * SECURITY UPDATE: Denial of Service due to an error handling
    synthesized records when using DNS64 with "break-dnssec yes;"
    - debian/patches/CVE-2017-3136.patch: reset noqname if query_dns64()
      called.
    - CVE-2017-3136
  * SECURITY UPDATE: Denial of Service due to resolver terminating when
    processing a response packet containing a CNAME or DNAME
    - debian/patches/CVE-2017-3137.patch: don't expect a specific
      ordering of answer components; add testcases.
    - CVE-2017-3137
  * SECURITY UPDATE: Denial of Service when receiving a null command on
    the control channel
    - debian/patches/CVE-2017-3138.patch: don't throw an assert if no
      command token is given; add testcase.
    - CVE-2017-3138

 -- Steve Beattie <email address hidden>  Thu, 13 Apr 2017 11:58:45 -0700
Published in precise-updates on 2017-04-17
Published in precise-security on 2017-04-17
bind9 (1:9.8.1.dfsg.P1-4ubuntu0.22) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of Service due to an error handling
    synthesized records when using DNS64 with "break-dnssec yes;"
    - bin/named/query.c: reset noqname if query_dns64() called.
    - CVE-2017-3136
  * SECURITY UPDATE: Denial of Service due to resolver terminating when
    processing a response packet containing a CNAME or DNAME
    - lib/dns/resolver.c: don't expect a specific
      ordering of answer components
    - lib/dns/name.c: remove part of assertion that triggers in
      dns_name_split() (partial cherrypick of upstream
      dc3912f3caac1104fef441fd18571b7a975708ea
    - bin/tests/system/dname/ns2/example.db,
      bin/tests/system/dname/tests.sh: add testcases.
    - CVE-2017-3137
  * SECURITY UPDATE: Denial of Service when receiving a null command on
    the control channel
    - lib/isc/lex.c, lib/isc/include/isc/lex.h: don't throw an assert if no
      command token is given
    - CVE-2017-3138

 -- Steve Beattie <email address hidden>  Thu, 13 Apr 2017 00:02:24 -0700
Superseded in trusty-updates on 2017-06-29
Superseded in trusty-security on 2017-06-29
bind9 (1:9.9.5.dfsg-3ubuntu0.14) trusty-security; urgency=medium

  * SECURITY UPDATE: Denial of Service due to an error handling
    synthesized records when using DNS64 with "break-dnssec yes;"
    - bin/named/query.c: reset noqname if query_dns64() called.
    - CVE-2017-3136
  * SECURITY UPDATE: Denial of Service due to resolver terminating when
    processing a response packet containing a CNAME or DNAME
    - lib/dns/resolver.c: don't expect a specific
      ordering of answer components
    - lib/dns/name.c: remove part of assertion that triggers in
      dns_name_split() (partial cherrypick of upstream
      dc3912f3caac1104fef441fd18571b7a975708ea
    - bin/tests/system/dname/ns2/example.db,
      bin/tests/system/dname/tests.sh: add testcases.
    - CVE-2017-3137
  * SECURITY UPDATE: Denial of Service when receiving a null command on
    the control channel
    - lib/isc/lex.c, lib/isc/include/isc/lex.h: don't throw an assert if no
      command token is given
    - bin/tests/system/rndc/tests.sh: add testcase.
    - CVE-2017-3138

 -- Steve Beattie <email address hidden>  Wed, 12 Apr 2017 09:45:52 -0700
Superseded in artful-release on 2017-04-24
Deleted in artful-proposed on 2017-07-01 (Reason: moved to release)
Superseded in zesty-updates on 2017-06-29
Superseded in zesty-security on 2017-06-29
bind9 (1:9.10.3.dfsg.P4-10.1ubuntu5) zesty-security; urgency=medium

  * SECURITY UPDATE: Denial of Service due to an error handling
    synthesized records when using DNS64 with "break-dnssec yes;"
    - debian/patches/CVE-2017-3136.patch: reset noqname if query_dns64()
      called.
    - CVE-2017-3136
  * SECURITY UPDATE: Denial of Service due to resolver terminating when
    processing a response packet containing a CNAME or DNAME
    - debian/patches/CVE-2017-3137.patch: don't expect a specific
      ordering of answer components; add testcases.
    - CVE-2017-3137
  * SECURITY UPDATE: Denial of Service when receiving a null command on
    the control channel
    - debian/patches/CVE-2017-3138.patch: don't throw an assert if no
      command token is given; add testcase.
    - CVE-2017-3138

 -- Steve Beattie <email address hidden>  Wed, 12 Apr 2017 01:32:15 -0700
Superseded in xenial-updates on 2017-06-29
Superseded in xenial-security on 2017-06-29
bind9 (1:9.10.3.dfsg.P4-8ubuntu1.6) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of Service due to an error handling
    synthesized records when using DNS64 with "break-dnssec yes;"
    - debian/patches/CVE-2017-3136.patch: reset noqname if query_dns64()
      called.
    - CVE-2017-3136
  * SECURITY UPDATE: Denial of Service due to resolver terminating when
    processing a response packet containing a CNAME or DNAME
    - debian/patches/CVE-2017-3137.patch: don't expect a specific
      ordering of answer components; add testcases.
    - CVE-2017-3137
  * SECURITY UPDATE: Denial of Service when receiving a null command on
    the control channel
    - debian/patches/CVE-2017-3138.patch: don't throw an assert if no
      command token is given; add testcase.
    - CVE-2017-3138

 -- Steve Beattie <email address hidden>  Wed, 12 Apr 2017 00:57:50 -0700
Superseded in yakkety-updates on 2017-04-17
Deleted in yakkety-proposed on 2017-04-18 (Reason: moved to -updates)
bind9 (1:9.10.3.dfsg.P4-10.1ubuntu1.4) yakkety; urgency=medium

  * Add RemainAfterExit to bind9-resolvconf unit configuration file
    (LP: #1536181).

 -- Nishanth Aravamudan <email address hidden>  Wed, 22 Mar 2017 10:09:25 -0700
Superseded in artful-release on 2017-04-22
Obsolete in zesty-release on 2018-06-22
Deleted in zesty-proposed on 2018-06-22 (Reason: moved to release)
bind9 (1:9.10.3.dfsg.P4-10.1ubuntu4) zesty; urgency=medium

  * SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing
    a NULL pointer
    - debian/patches/CVE-2017-3135.patch: properly handle dns64 and rpz
      combination in bin/named/query.c, lib/dns/message.c,
      lib/dns/rdataset.c.
    - CVE-2017-3135
  * SECURITY UPDATE: regression in CVE-2016-8864
    - debian/patches/rt44318.patch: synthesised CNAME before matching DNAME
      was still being cached when it should have been in lib/dns/resolver.c,
      added tests to bin/tests/system/dname/ans3/ans.pl,
      bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Wed, 15 Feb 2017 09:37:39 -0500
Superseded in xenial-updates on 2017-04-17
Superseded in xenial-security on 2017-04-17
bind9 (1:9.10.3.dfsg.P4-8ubuntu1.5) xenial-security; urgency=medium

  * SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing
    a NULL pointer
    - debian/patches/CVE-2017-3135.patch: properly handle dns64 and rpz
      combination in bin/named/query.c, lib/dns/message.c,
      lib/dns/rdataset.c.
    - CVE-2017-3135
  * SECURITY UPDATE: regression in CVE-2016-8864
    - debian/patches/rt44318.patch: synthesised CNAME before matching DNAME
      was still being cached when it should have been in lib/dns/resolver.c,
      added tests to bin/tests/system/dname/ans3/ans.pl,
      bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Wed, 15 Feb 2017 10:29:00 -0500
Superseded in yakkety-updates on 2017-04-12
Superseded in yakkety-security on 2017-04-17
bind9 (1:9.10.3.dfsg.P4-10.1ubuntu1.3) yakkety-security; urgency=medium

  * SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing
    a NULL pointer
    - debian/patches/CVE-2017-3135.patch: properly handle dns64 and rpz
      combination in bin/named/query.c, lib/dns/message.c,
      lib/dns/rdataset.c.
    - CVE-2017-3135
  * SECURITY UPDATE: regression in CVE-2016-8864
    - debian/patches/rt44318.patch: synthesised CNAME before matching DNAME
      was still being cached when it should have been in lib/dns/resolver.c,
      added tests to bin/tests/system/dname/ans3/ans.pl,
      bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Wed, 15 Feb 2017 10:28:12 -0500
Superseded in trusty-updates on 2017-04-17
Superseded in trusty-security on 2017-04-17
bind9 (1:9.9.5.dfsg-3ubuntu0.13) trusty-security; urgency=medium

  * SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing
    a NULL pointer
    - bin/named/query.c, lib/dns/message.c, lib/dns/rdataset.c: properly
      handle dns64 and rpz combination.
    - CVE-2017-3135
  * SECURITY UPDATE: regression in CVE-2016-8864
    - lib/dns/resolver.c: synthesised CNAME before matching DNAME was still
      being cached when it should have been,
    - bin/tests/system/dname/ans3/ans.pl,
      bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh:
      added tests.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Wed, 15 Feb 2017 09:19:14 -0500
Superseded in precise-updates on 2017-04-17
Superseded in precise-security on 2017-04-17
bind9 (1:9.8.1.dfsg.P1-4ubuntu0.21) precise-security; urgency=medium

  * SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing
    a NULL pointer
    - bin/named/query.c, lib/dns/message.c, lib/dns/rdataset.c: properly
      handle dns64 and rpz combination.
    - CVE-2017-3135
  * SECURITY UPDATE: regression in CVE-2016-8864
    - lib/dns/resolver.c: synthesised CNAME before matching DNAME was still
      being cached when it should have been,
    - bin/tests/system/dname/ans3/ans.pl,
      bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh:
      added tests.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Wed, 15 Feb 2017 10:36:42 -0500
Superseded in trusty-updates on 2017-02-16
Deleted in trusty-proposed on 2017-02-18 (Reason: moved to -updates)
bind9 (1:9.9.5.dfsg-3ubuntu0.12) trusty; urgency=medium

  * Backport (70_precise_mtime.diff) 18b87b2a58d422fe4d3073540bf89b5a812ed2e5
    to trusty. LP: #1553176

 -- LaMont Jones <email address hidden>  Fri, 03 Feb 2017 13:13:21 -0700
Superseded in zesty-release on 2017-02-17
Deleted in zesty-proposed on 2017-02-18 (Reason: moved to release)
bind9 (1:9.10.3.dfsg.P4-10.1ubuntu3) zesty; urgency=medium

  * SECURITY UPDATE: assertion failure via class mismatch
    - debian/patches/CVE-2016-9131.patch: properly handle certain TKEY
      records in lib/dns/resolver.c.
    - CVE-2016-9131
  * SECURITY UPDATE: assertion failure via inconsistent DNSSEC information
    - debian/patches/CVE-2016-9147.patch: fix logic when records are
      returned without the requested data in lib/dns/resolver.c.
    - CVE-2016-9147
  * SECURITY UPDATE: assertion failure via unusually-formed DS record
    - debian/patches/CVE-2016-9444.patch: handle missing RRSIGs in
      lib/dns/message.c, lib/dns/resolver.c.
    - CVE-2016-9444
  * SECURITY UPDATE: regression in CVE-2016-8864
    - debian/patches/rt43779.patch: properly handle CNAME -> DNAME in
      responses in lib/dns/resolver.c, added tests to
      bin/tests/system/dname/ns2/example.db,
      bin/tests/system/dname/tests.sh.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Wed, 25 Jan 2017 09:28:10 -0500
Superseded in precise-updates on 2017-02-16
Superseded in precise-security on 2017-02-16
bind9 (1:9.8.1.dfsg.P1-4ubuntu0.20) precise-security; urgency=medium

  * SECURITY UPDATE: assertion failure via class mismatch
    - lib/dns/resolver.c: properly handle certain TKEY records.
    - CVE-2016-9131
  * SECURITY UPDATE: assertion failure via inconsistent DNSSEC information
    - lib/dns/resolver.c: fix logic when records are returned without the
      requested data.
    - CVE-2016-9147
  * SECURITY UPDATE: regression in CVE-2016-8864
    - lib/dns/resolver.c: properly handle CNAME -> DNAME in responses,
      added tests to bin/tests/system/dname/ns2/example.db,
      bin/tests/system/dname/tests.sh.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Mon, 09 Jan 2017 10:47:06 -0500
Superseded in xenial-updates on 2017-02-16
Superseded in xenial-security on 2017-02-16
bind9 (1:9.10.3.dfsg.P4-8ubuntu1.4) xenial-security; urgency=medium

  * SECURITY UPDATE: assertion failure via class mismatch
    - debian/patches/CVE-2016-9131.patch: properly handle certain TKEY
      records in lib/dns/resolver.c.
    - CVE-2016-9131
  * SECURITY UPDATE: assertion failure via inconsistent DNSSEC information
    - debian/patches/CVE-2016-9147.patch: fix logic when records are
      returned without the requested data in lib/dns/resolver.c.
    - CVE-2016-9147
  * SECURITY UPDATE: assertion failure via unusually-formed DS record
    - debian/patches/CVE-2016-9444.patch: handle missing RRSIGs in
      lib/dns/message.c, lib/dns/resolver.c.
    - CVE-2016-9444
  * SECURITY UPDATE: regression in CVE-2016-8864
    - debian/patches/rt43779.patch: properly handle CNAME -> DNAME in
      responses in lib/dns/resolver.c, added tests to
      bin/tests/system/dname/ns2/example.db,
      bin/tests/system/dname/tests.sh.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Mon, 09 Jan 2017 08:50:20 -0500
Superseded in trusty-updates on 2017-02-13
Superseded in trusty-security on 2017-02-16
bind9 (1:9.9.5.dfsg-3ubuntu0.11) trusty-security; urgency=medium

  * SECURITY UPDATE: assertion failure via class mismatch
    - lib/dns/resolver.c: properly handle certain TKEY records.
    - CVE-2016-9131
  * SECURITY UPDATE: assertion failure via inconsistent DNSSEC information
    - lib/dns/resolver.c: fix logic when records are returned without the
      requested data.
    - CVE-2016-9147
  * SECURITY UPDATE: assertion failure via unusually-formed DS record
    - lib/dns/message.c, lib/dns/resolver.c: handle missing RRSIGs.
    - CVE-2016-9444
  * SECURITY UPDATE: regression in CVE-2016-8864
    - lib/dns/resolver.c: properly handle CNAME -> DNAME in responses,
      added tests to bin/tests/system/dname/ns2/example.db,
      bin/tests/system/dname/tests.sh.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Mon, 09 Jan 2017 09:27:53 -0500
Superseded in yakkety-updates on 2017-02-16
Superseded in yakkety-security on 2017-02-16
bind9 (1:9.10.3.dfsg.P4-10.1ubuntu1.2) yakkety-security; urgency=medium

  * SECURITY UPDATE: assertion failure via class mismatch
    - debian/patches/CVE-2016-9131.patch: properly handle certain TKEY
      records in lib/dns/resolver.c.
    - CVE-2016-9131
  * SECURITY UPDATE: assertion failure via inconsistent DNSSEC information
    - debian/patches/CVE-2016-9147.patch: fix logic when records are
      returned without the requested data in lib/dns/resolver.c.
    - CVE-2016-9147
  * SECURITY UPDATE: assertion failure via unusually-formed DS record
    - debian/patches/CVE-2016-9444.patch: handle missing RRSIGs in
      lib/dns/message.c, lib/dns/resolver.c.
    - CVE-2016-9444
  * SECURITY UPDATE: regression in CVE-2016-8864
    - debian/patches/rt43779.patch: properly handle CNAME -> DNAME in
      responses in lib/dns/resolver.c, added tests to
      bin/tests/system/dname/ns2/example.db,
      bin/tests/system/dname/tests.sh.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Mon, 09 Jan 2017 08:37:39 -0500
Superseded in xenial-updates on 2017-01-12
Deleted in xenial-proposed on 2017-01-13 (Reason: moved to -updates)
bind9 (1:9.10.3.dfsg.P4-8ubuntu1.3) xenial; urgency=medium

  * Add RemainAfterExit to bind9-resolvconf unit configuration file
    (LP: #1536181).

 -- Nishanth Aravamudan <email address hidden>  Tue, 15 Nov 2016 08:30:31 -0800
Superseded in zesty-release on 2017-01-26
Deleted in zesty-proposed on 2017-01-27 (Reason: moved to release)
bind9 (1:9.10.3.dfsg.P4-10.1ubuntu2) zesty; urgency=medium

  * Add RemainAfterExit to bind9-resolvconf unit configuration file
    (LP: #1536181).

 -- Nishanth Aravamudan <email address hidden>  Tue, 15 Nov 2016 08:24:58 -0800
Superseded in yakkety-updates on 2017-01-12
Superseded in yakkety-security on 2017-01-12
bind9 (1:9.10.3.dfsg.P4-10.1ubuntu1.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: denial of service via responses containing a DNAME
    answer
    - debian/patches/CVE-2016-8864.patch: remove assertion failure in
      lib/dns/resolver.c.
    - CVE-2016-8864

 -- Marc Deslauriers <email address hidden>  Mon, 31 Oct 2016 08:53:39 -0400
Superseded in xenial-updates on 2016-11-28
Superseded in xenial-security on 2017-01-12
bind9 (1:9.10.3.dfsg.P4-8ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: denial of service via responses containing a DNAME
    answer
    - debian/patches/CVE-2016-8864.patch: remove assertion failure in
      lib/dns/resolver.c.
    - CVE-2016-8864

 -- Marc Deslauriers <email address hidden>  Mon, 31 Oct 2016 08:56:39 -0400
Superseded in trusty-updates on 2017-01-12
Superseded in trusty-security on 2017-01-12
bind9 (1:9.9.5.dfsg-3ubuntu0.10) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via responses containing a DNAME
    answer
    - lib/dns/resolver.c: remove assertion failure.
    - patch backported from 9.9.9-P4.
    - CVE-2016-8864

 -- Marc Deslauriers <email address hidden>  Mon, 31 Oct 2016 08:57:15 -0400
Superseded in precise-updates on 2017-01-12
Superseded in precise-security on 2017-01-12
bind9 (1:9.8.1.dfsg.P1-4ubuntu0.19) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via responses containing a DNAME
    answer
    - lib/dns/resolver.c: remove assertion failure.
    - patch backported from 9.9.9-P4.
    - CVE-2016-8864

 -- Marc Deslauriers <email address hidden>  Mon, 31 Oct 2016 09:00:00 -0400
Superseded in precise-updates on 2016-11-01
Superseded in precise-security on 2016-11-01
bind9 (1:9.8.1.dfsg.P1-4ubuntu0.18) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via malformed options
    - Backported upstream commit 4adf97c32fcca7d00e5756607fd045f2aab9c3d4.
    - CVE-2016-2848

 -- Marc Deslauriers <email address hidden>  Mon, 17 Oct 2016 14:39:54 +0200
Superseded in zesty-release on 2016-11-15
Obsolete in yakkety-release on 2018-01-23
Deleted in yakkety-proposed on 2018-01-23 (Reason: moved to release)
bind9 (1:9.10.3.dfsg.P4-10.1ubuntu1) yakkety; urgency=medium

  * SECURITY UPDATE: denial of service via assertion failure
    - debian/patches/CVE-2016-2776.patch: properly handle lengths in
      lib/dns/message.c.
    - CVE-2016-2776

 -- Marc Deslauriers <email address hidden>  Tue, 04 Oct 2016 14:31:17 -0400
Superseded in trusty-updates on 2016-11-01
Superseded in trusty-security on 2016-11-01
bind9 (1:9.9.5.dfsg-3ubuntu0.9) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via assertion failure
    - lib/dns/message.c: properly handle lengths.
    - backported from patch provided by upstream.
    - CVE-2016-2776

 -- Marc Deslauriers <email address hidden>  Mon, 26 Sep 2016 14:40:09 -0400
Superseded in precise-updates on 2016-10-21
Superseded in precise-security on 2016-10-21
bind9 (1:9.8.1.dfsg.P1-4ubuntu0.17) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via assertion failure
    - lib/dns/message.c: properly handle lengths.
    - backported from patch provided by upstream.
    - CVE-2016-2776

 -- Marc Deslauriers <email address hidden>  Mon, 26 Sep 2016 14:42:15 -0400
Superseded in xenial-updates on 2016-11-01
Superseded in xenial-security on 2016-11-01
bind9 (1:9.10.3.dfsg.P4-8ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: denial of service via assertion failure
    - debian/patches/CVE-2016-2776.patch: properly handle lengths in
      lib/dns/message.c.
    - CVE-2016-2776

 -- Marc Deslauriers <email address hidden>  Mon, 26 Sep 2016 14:15:52 -0400
Superseded in yakkety-release on 2016-10-05
Deleted in yakkety-proposed on 2016-10-06 (Reason: moved to release)
bind9 (1:9.10.3.dfsg.P4-10.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Add explicit ordering for nss-lookup.target in bind9.service,
    lwresd.service. Patches by Michael Biebl <email address hidden>.
    (Closes: #826243, #826245)

 -- Christian Hofstaedtler <email address hidden>  Sat, 02 Jul 2016 14:32:50 +0200
Superseded in yakkety-release on 2016-07-13
Deleted in yakkety-proposed on 2016-07-15 (Reason: moved to release)
bind9 (1:9.10.3.dfsg.P4-10) unstable; urgency=medium

  * Use python3

 -- LaMont Jones <email address hidden>  Tue, 03 May 2016 17:39:49 -0600
Superseded in yakkety-release on 2016-05-05
Deleted in yakkety-proposed on 2016-05-06 (Reason: moved to release)
bind9 (1:9.10.3.dfsg.P4-9) unstable; urgency=medium

  * Fix bad patch from when we switched to quilt.  Closes: #820847  LP:
    #1552801, #1549788, #1553460
  * freshen patch to remove fuzz.

 -- LaMont Jones <email address hidden>  Tue, 26 Apr 2016 15:17:58 -0600
Superseded in xenial-updates on 2016-09-27
Deleted in xenial-proposed on 2016-09-28 (Reason: moved to -updates)
bind9 (1:9.10.3.dfsg.P4-8ubuntu1) xenial-proposed; urgency=medium

  * Fix bad patch from when we switched to quilt.  Closes: #820847  LP:
    #1552801, #1549788, #1553460

 -- LaMont Jones <email address hidden>  Tue, 26 Apr 2016 16:30:06 -0600
Superseded in yakkety-release on 2016-04-28
Published in xenial-release on 2016-04-14
Deleted in xenial-proposed (Reason: moved to release)
bind9 (1:9.10.3.dfsg.P4-8) unstable; urgency=medium

  [Timo Aaltonen]

  * Fix bind9-resolvconf.service installation.
  * Add support for native pkcs11.  LP: #1565392

  [Samuel Thibault]

  * Detect in6_pktinfo on hurd-i386.  Closes: #820404

 -- LaMont Jones <email address hidden>  Wed, 13 Apr 2016 13:19:37 -0600
Superseded in xenial-release on 2016-04-14
Deleted in xenial-proposed on 2016-04-15 (Reason: moved to release)
bind9 (1:9.10.3.dfsg.P4-5) experimental; urgency=medium

  * Drop dead code in bind9.preinst.
  * move from /var/run to /run for policy.

 -- LaMont Jones <email address hidden>  Sat, 19 Mar 2016 19:52:04 -0600
Superseded in xenial-release on 2016-03-22
Deleted in xenial-proposed on 2016-03-23 (Reason: moved to release)
bind9 (1:9.10.3.dfsg.P4-4) experimental; urgency=medium

  * use multiarch path in udebs
  * Updated root cache file.  Closes: #806954

 -- LaMont Jones <email address hidden>  Fri, 18 Mar 2016 20:50:49 -0600
Superseded in xenial-release on 2016-03-19
Deleted in xenial-proposed on 2016-03-20 (Reason: moved to release)
bind9 (1:9.10.3.dfsg.P4-3) experimental; urgency=medium

  * Fix vcs links
  * build in debian/tmp, use bind9.install

 -- LaMont Jones <email address hidden>  Fri, 18 Mar 2016 14:46:30 -0600
Superseded in xenial-proposed on 2016-03-18
bind9 (1:9.10.3.dfsg.P4-2) experimental; urgency=medium

  * updated precise_time patch
  * add RT#s to some patches
  * Merge ubuntu changes
  * Fix debian/rules to properly remove files from bind9 that are delivered
    elsewhere.  LP: #1559090

 -- LaMont Jones <email address hidden>  Fri, 18 Mar 2016 10:58:07 -0600
Superseded in xenial-proposed on 2016-03-18
bind9 (1:9.10.3.dfsg.P4-1ubuntu2) xenial; urgency=medium

  * Bump debhelper to v9 to use dh-exec.
  * libbind-export-dev: Fix the libbind.so symlink.
  * Move static libs to the multiarch libdir again.

 -- Matthias Klose <email address hidden>  Fri, 18 Mar 2016 13:30:03 +0100
Superseded in xenial-proposed on 2016-03-18
bind9 (1:9.10.3.dfsg.P4-1ubuntu1) xenial; urgency=medium

  * Fix udeb dependencies.

 -- Matthias Klose <email address hidden>  Fri, 18 Mar 2016 12:47:02 +0100
Superseded in xenial-proposed on 2016-03-18
bind9 (1:9.10.3.dfsg.P4-1) experimental; urgency=medium

  [ ISC ]
  * New upstream: 9.10.3-P3
    - Specific APL data could trigger a INSIST.  (CVE-2015-8704) [RT #41396]
    - render_ecs errors were mishandled when printing out a OPT record
      resulting in a assertion failure.  (CVE-2015-8705) [RT #41397]
    - Fixed a regression in resolver.c:possibly_mark() which caused
      known-bogus servers to be queried anyway. [RT #41321]
  * New upstream: 9.10.3-P4
    - Malformed control messages can trigger assertions in named and rndc.
      (CVE-2016-1285) [RT #41666]
    - Fix resolver assertion failure due to improper DNAME handling when
      parsing fetch reply messages. (CVE-2016-1286) [RT #41753]
    - Duplicate EDNS COOKIE options in a response could trigger an
      assertion failure. (CVE-2016-2088) [RT #41809]

  [LaMont Jones]

  * Do not build -export libs for libbind90 and liblwres.  Relates in part
    to, and is the last fix to LP: #1551351
  * update patches for 9.10.3.dfsg.P4.  Drop 50_CVE_2015-8704.diff

  [ Stefan Bader ]

  * Do not modify signal handlers for external apps. LP: #1556175

 -- LaMont Jones <email address hidden>  Thu, 17 Mar 2016 14:53:36 -0600
175 of 312 results