Change log for bind9 package in Ubuntu

76150 of 312 results
Superseded in precise-updates on 2016-09-27
Superseded in precise-security on 2016-09-27
bind9 (1:9.8.1.dfsg.P1-4ubuntu0.16) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via rndc control channel input
    parsing error
    - properly check data in bin/named/control.c, bin/named/controlconf.c,
      bin/rndc/rndc.c, lib/isccc/cc.c.
    - CVE-2016-1285
  * SECURITY UPDATE: denial of service via resource record signatures
    parsing issue
    - fix improper DNAME handling in lib/dns/resolver.c.
    - CVE-2016-1286

 -- Marc Deslauriers <email address hidden>  Tue, 08 Mar 2016 08:35:01 -0500
Superseded in trusty-updates on 2016-09-27
Superseded in trusty-security on 2016-09-27
bind9 (1:9.9.5.dfsg-3ubuntu0.8) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via rndc control channel input
    parsing error
    - properly check data in bin/named/control.c, bin/named/controlconf.c,
      bin/rndc/rndc.c, lib/isccc/cc.c.
    - CVE-2016-1285
  * SECURITY UPDATE: denial of service via resource record signatures
    parsing issue
    - fix improper DNAME handling in lib/dns/resolver.c.
    - CVE-2016-1286

 -- Marc Deslauriers <email address hidden>  Tue, 08 Mar 2016 08:32:14 -0500
Obsolete in wily-updates on 2018-01-22
Obsolete in wily-security on 2018-01-22
bind9 (1:9.9.5.dfsg-11ubuntu1.3) wily-security; urgency=medium

  * SECURITY UPDATE: denial of service via rndc control channel input
    parsing error
    - properly check data in bin/named/control.c, bin/named/controlconf.c,
      bin/rndc/rndc.c, lib/isccc/cc.c.
    - CVE-2016-1285
  * SECURITY UPDATE: denial of service via resource record signatures
    parsing issue
    - fix improper DNAME handling in lib/dns/resolver.c.
    - CVE-2016-1286

 -- Marc Deslauriers <email address hidden>  Tue, 08 Mar 2016 08:26:39 -0500
Superseded in xenial-release on 2016-03-19
Deleted in xenial-proposed on 2016-03-20 (Reason: moved to release)
bind9 (1:9.10.3.dfsg.P2-5) experimental; urgency=medium

  [Timo Aaltonen]

  * Sync 30_dynamic_db.diff from Fedora.
  * rules: Backup some files which dh_autoreconf_clean would remove, restore
    on clean.

  [Jamie Strandboge]

  * apparmor: use @{PROC} instead of /proc, allow read on
    sys.net.ipv4.ip_local_port_range.  LP: #1552441

  [LaMont Jones]

  * Return nanosecond-precise time for files, so that we more-correctly know
    when we can skip loading a zonefile.  (Bug introduced 9.9.3b2)

 -- LaMont Jones <email address hidden>  Thu, 03 Mar 2016 18:17:06 -0700
Superseded in xenial-release on 2016-03-04
Deleted in xenial-proposed on 2016-03-05 (Reason: moved to release)
bind9 (1:9.10.3.dfsg.P2-4) experimental; urgency=medium

  [Matthias Klose]

  * Fix .so symlinks.
  * libbind-dev: Depend on libirs141.
  * For the udeb's, use a separate build with a reduced feature set, drop the
    name difference, and do both builds in a separate directory.

  [Filip Pytloun]

  * Add apparmor rules needed by freeipa-server.  Closes: #814314

  [LaMont Jones]

  * Do not deliver libraries (left in /lib) as part of bind9.  LP: #1547052
  * clean up library path for libirs.

 -- LaMont Jones <email address hidden>  Fri, 19 Feb 2016 14:26:08 -0700
Superseded in xenial-proposed on 2016-02-19
bind9 (1:9.10.3.dfsg.P2-3ubuntu3) xenial; urgency=medium

  * For the udeb's, use a separate build with a reduced feature set.
  * Don't call the reduced build "export"; it was used by isc-dhcp as well.
  * Do both builds in a separate builddir.

 -- Matthias Klose <email address hidden>  Fri, 19 Feb 2016 15:01:16 +0100
Superseded in xenial-proposed on 2016-02-19
bind9 (1:9.10.3.dfsg.P2-3~ubuntu2) xenial; urgency=medium

  * libbind-dev: Depend on libirs141.
  * Ship libirs.{a,so} in libbind-dev.
  * Remove obsolete debian/*.dirs files.

 -- Matthias Klose <email address hidden>  Fri, 19 Feb 2016 15:01:16 +0100
Superseded in xenial-proposed on 2016-02-19
bind9 (1:9.10.3.dfsg.P2-3~ubuntu1) xenial; urgency=medium

  * Fix .so symlinks.

 -- Matthias Klose <email address hidden>  Thu, 18 Feb 2016 13:55:19 +0100
Superseded in xenial-proposed on 2016-02-18
bind9 (1:9.10.3.dfsg.P2-3~build3) xenial; urgency=medium

  * xenial copy of Debian upload

 -- LaMont Jones <email address hidden>  Wed, 17 Feb 2016 19:06:13 +0000
Superseded in xenial-release on 2016-02-23
Deleted in xenial-proposed on 2016-02-25 (Reason: moved to release)
bind9 (1:9.9.5.dfsg-12.1ubuntu1) xenial; urgency=medium

  * SECURITY UPDATE: denial of service via string formatting operations
    - lib/dns/rdata/in_1/apl_42.c: use correct length.
    - CVE-2015-8704

 -- Marc Deslauriers <email address hidden>  Thu, 28 Jan 2016 08:27:29 -0500
Obsolete in vivid-updates on 2018-01-18
Obsolete in vivid-security on 2018-01-18
bind9 (1:9.9.5.dfsg-9ubuntu0.5) vivid-security; urgency=medium

  * SECURITY UPDATE: denial of service via string formatting operations
    - lib/dns/rdata/in_1/apl_42.c: use correct length.
    - CVE-2015-8704

 -- Marc Deslauriers <email address hidden>  Mon, 18 Jan 2016 07:55:22 -0500
Superseded in wily-updates on 2016-03-09
Superseded in wily-security on 2016-03-09
bind9 (1:9.9.5.dfsg-11ubuntu1.2) wily-security; urgency=medium

  * SECURITY UPDATE: denial of service via string formatting operations
    - lib/dns/rdata/in_1/apl_42.c: use correct length.
    - CVE-2015-8704

 -- Marc Deslauriers <email address hidden>  Mon, 18 Jan 2016 07:50:57 -0500
Superseded in trusty-updates on 2016-03-09
Superseded in trusty-security on 2016-03-09
bind9 (1:9.9.5.dfsg-3ubuntu0.7) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via string formatting operations
    - lib/dns/rdata/in_1/apl_42.c: use correct length.
    - CVE-2015-8704

 -- Marc Deslauriers <email address hidden>  Mon, 18 Jan 2016 07:55:47 -0500
Superseded in precise-updates on 2016-03-09
Superseded in precise-security on 2016-03-09
bind9 (1:9.8.1.dfsg.P1-4ubuntu0.15) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via string formatting operations
    - lib/dns/rdata/in_1/apl_42.c: use correct length.
    - CVE-2015-8704

 -- Marc Deslauriers <email address hidden>  Mon, 18 Jan 2016 07:56:11 -0500
Superseded in xenial-release on 2016-01-28
Deleted in xenial-proposed on 2016-01-29 (Reason: moved to release)
bind9 (1:9.9.5.dfsg-12.1) unstable; urgency=high

  * Non-maintainer upload.
  * Add patch to fix CVE-2015-8000.
    CVE-2015-8000: Insufficient testing when parsing a message allowed
    records with an incorrect class to be accepted, triggering a REQUIRE
    failure when those records were subsequently cached. (Closes: #808081)

 -- Salvatore Bonaccorso <email address hidden>  Wed, 16 Dec 2015 15:01:39 +0100
Superseded in precise-updates on 2016-01-19
Superseded in precise-security on 2016-01-19
bind9 (1:9.8.1.dfsg.P1-4ubuntu0.14) precise-security; urgency=medium

  * SECURITY UPDATE: REQUIRE failure via incorrect class
    - properly handle class in lib/dns/include/dns/message.h,
      lib/dns/message.c, lib/dns/resolver.c, lib/dns/xfrin.c.
    - CVE-2015-8000

 -- Marc Deslauriers <email address hidden>  Mon, 14 Dec 2015 13:48:33 -0500
Superseded in vivid-updates on 2016-01-19
Superseded in vivid-security on 2016-01-19
bind9 (1:9.9.5.dfsg-9ubuntu0.4) vivid-security; urgency=medium

  * SECURITY UPDATE: REQUIRE failure via incorrect class
    - properly handle class in lib/dns/include/dns/message.h,
      lib/dns/message.c, lib/dns/resolver.c, lib/dns/xfrin.c.
    - CVE-2015-8000

 -- Marc Deslauriers <email address hidden>  Mon, 14 Dec 2015 13:45:33 -0500
Superseded in trusty-updates on 2016-01-19
Superseded in trusty-security on 2016-01-19
bind9 (1:9.9.5.dfsg-3ubuntu0.6) trusty-security; urgency=medium

  * SECURITY UPDATE: REQUIRE failure via incorrect class
    - properly handle class in lib/dns/include/dns/message.h,
      lib/dns/message.c, lib/dns/resolver.c, lib/dns/xfrin.c.
    - CVE-2015-8000

 -- Marc Deslauriers <email address hidden>  Mon, 14 Dec 2015 13:45:55 -0500
Superseded in wily-updates on 2016-01-19
Superseded in wily-security on 2016-01-19
bind9 (1:9.9.5.dfsg-11ubuntu1.1) wily-security; urgency=medium

  * SECURITY UPDATE: REQUIRE failure via incorrect class
    - properly handle class in lib/dns/include/dns/message.h,
      lib/dns/message.c, lib/dns/resolver.c, lib/dns/xfrin.c.
    - CVE-2015-8000

 -- Marc Deslauriers <email address hidden>  Mon, 14 Dec 2015 12:51:53 -0500
Superseded in xenial-release on 2015-12-17
Deleted in xenial-proposed on 2015-12-19 (Reason: moved to release)
bind9 (1:9.9.5.dfsg-12) unstable; urgency=high

  * Fix CVE-2015-5722: maliciously crafted DNSSEC key can cause named to crash.

 -- Michael Gilbert <email address hidden>  Thu, 03 Sep 2015 01:16:32 +0000
Superseded in xenial-release on 2015-10-28
Obsolete in wily-release on 2018-01-22
Deleted in wily-proposed on 2018-01-22 (Reason: moved to release)
bind9 (1:9.9.5.dfsg-11ubuntu1) wily; urgency=medium

  * SECURITY UPDATE: denial of service in DNSSEC-signed record validation
    via malformed keys
    - fix validation inlib/dns/hmac_link.c, lib/dns/include/dst/dst.h,
      lib/dns/ncache.c, lib/dns/openssldh_link.c,
      lib/dns/openssldsa_link.c, lib/dns/opensslecdsa_link.c,
      lib/dns/opensslrsa_link.c, lib/dns/resolver.c.
    - CVE-2015-5722

 -- Marc Deslauriers <email address hidden>  Tue, 01 Sep 2015 13:54:11 -0400
Superseded in precise-updates on 2015-12-15
Superseded in precise-security on 2015-12-15
bind9 (1:9.8.1.dfsg.P1-4ubuntu0.13) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service in DNSSEC-signed record validation
    via malformed keys
    - fix validation inlib/dns/hmac_link.c, lib/dns/include/dst/dst.h,
      lib/dns/ncache.c, lib/dns/openssldh_link.c,
      lib/dns/openssldsa_link.c, lib/dns/opensslrsa_link.c,
      lib/dns/resolver.c.
    - CVE-2015-5722

 -- Marc Deslauriers <email address hidden>  Tue, 01 Sep 2015 14:07:19 -0400
Superseded in trusty-updates on 2015-12-15
Superseded in trusty-security on 2015-12-15
bind9 (1:9.9.5.dfsg-3ubuntu0.5) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service in DNSSEC-signed record validation
    via malformed keys
    - fix validation inlib/dns/hmac_link.c, lib/dns/include/dst/dst.h,
      lib/dns/ncache.c, lib/dns/openssldh_link.c,
      lib/dns/openssldsa_link.c, lib/dns/opensslecdsa_link.c,
      lib/dns/opensslrsa_link.c, lib/dns/resolver.c.
    - CVE-2015-5722

 -- Marc Deslauriers <email address hidden>  Tue, 01 Sep 2015 14:00:51 -0400
Superseded in vivid-updates on 2015-12-15
Superseded in vivid-security on 2015-12-15
bind9 (1:9.9.5.dfsg-9ubuntu0.3) vivid-security; urgency=medium

  * SECURITY UPDATE: denial of service in DNSSEC-signed record validation
    via malformed keys
    - fix validation inlib/dns/hmac_link.c, lib/dns/include/dst/dst.h,
      lib/dns/ncache.c, lib/dns/openssldh_link.c,
      lib/dns/openssldsa_link.c, lib/dns/opensslecdsa_link.c,
      lib/dns/opensslrsa_link.c, lib/dns/resolver.c.
    - CVE-2015-5722

 -- Marc Deslauriers <email address hidden>  Tue, 01 Sep 2015 14:00:06 -0400
Superseded in wily-release on 2015-09-02
Deleted in wily-proposed on 2015-09-04 (Reason: moved to release)
bind9 (1:9.9.5.dfsg-11) unstable; urgency=high

  * Fix CVE-2015-5477: maliciously crafted TKEY query can cause named to exit
    (closes: #793903).

 -- Michael Gilbert <email address hidden>  Wed, 29 Jul 2015 23:46:48 +0000
Superseded in wily-release on 2015-08-01
Deleted in wily-proposed on 2015-08-02 (Reason: moved to release)
bind9 (1:9.9.5.dfsg-10ubuntu1) wily; urgency=medium

  * SECURITY UPDATE: denial of service in TKEY record query handling
    - lib/dns/tkey.c: clear out name before trying the answer section.
    - CVE-2015-5477

 -- Marc Deslauriers <email address hidden>  Mon, 27 Jul 2015 11:36:40 -0400
Superseded in precise-updates on 2015-09-02
Superseded in precise-security on 2015-09-02
bind9 (1:9.8.1.dfsg.P1-4ubuntu0.12) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service in TKEY record query handling
    - lib/dns/tkey.c: clear out name before trying the answer section.
    - CVE-2015-5477
  * SECURITY UPDATE: denial of service via AAAA record query
    - bin/named/query.c: arrange for RPZ rewriting of any A records.
    - CVE-2012-5689

 -- Marc Deslauriers <email address hidden>  Mon, 27 Jul 2015 11:42:05 -0400
Superseded in vivid-updates on 2015-09-02
Superseded in vivid-security on 2015-09-02
bind9 (1:9.9.5.dfsg-9ubuntu0.2) vivid-security; urgency=medium

  * SECURITY UPDATE: denial of service in TKEY record query handling
    - lib/dns/tkey.c: clear out name before trying the answer section.
    - CVE-2015-5477

 -- Marc Deslauriers <email address hidden>  Mon, 27 Jul 2015 11:40:15 -0400
Superseded in trusty-updates on 2015-09-02
Superseded in trusty-security on 2015-09-02
bind9 (1:9.9.5.dfsg-3ubuntu0.4) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service in TKEY record query handling
    - lib/dns/tkey.c: clear out name before trying the answer section.
    - CVE-2015-5477

 -- Marc Deslauriers <email address hidden>  Mon, 27 Jul 2015 11:41:31 -0400
Superseded in wily-release on 2015-07-28
Deleted in wily-proposed on 2015-07-30 (Reason: moved to release)
bind9 (1:9.9.5.dfsg-10) unstable; urgency=high

  * Fix CVE-2015-4620: DNSSEC validation of a malicously crafted zone can
    cause the resolver to crash (closes: #791715).

 -- Michael Gilbert <email address hidden>  Thu, 09 Jul 2015 00:43:38 +0000
Superseded in wily-release on 2015-07-20
Deleted in wily-proposed on 2015-07-22 (Reason: moved to release)
bind9 (1:9.9.5.dfsg-9ubuntu1) wily; urgency=medium

  * SECURITY UPDATE: resolver DoS via specially crafted zone data
    - lib/dns/validator.c: don't use uninitialized fixedname.
    - CVE-2015-4620

 -- Marc Deslauriers <email address hidden>  Mon, 29 Jun 2015 14:56:15 -0400
Superseded in vivid-updates on 2015-07-28
Superseded in vivid-security on 2015-07-28
bind9 (1:9.9.5.dfsg-9ubuntu0.1) vivid-security; urgency=medium

  * SECURITY UPDATE: resolver DoS via specially crafted zone data
    - lib/dns/validator.c: don't use uninitialized fixedname.
    - CVE-2015-4620

 -- Marc Deslauriers <email address hidden>  Mon, 29 Jun 2015 14:59:12 -0400
Obsolete in utopic-updates on 2016-11-03
Obsolete in utopic-security on 2016-11-03
bind9 (1:9.9.5.dfsg-4.3ubuntu0.3) utopic-security; urgency=medium

  * SECURITY UPDATE: resolver DoS via specially crafted zone data
    - lib/dns/validator.c: don't use uninitialized fixedname.
    - CVE-2015-4620

 -- Marc Deslauriers <email address hidden>  Mon, 29 Jun 2015 15:00:07 -0400
Superseded in precise-updates on 2015-07-28
Superseded in precise-security on 2015-07-28
bind9 (1:9.8.1.dfsg.P1-4ubuntu0.11) precise-security; urgency=medium

  * SECURITY UPDATE: resolver DoS via specially crafted zone data
    - lib/dns/validator.c: don't use uninitialized fixedname.
    - CVE-2015-4620

 -- Marc Deslauriers <email address hidden>  Mon, 29 Jun 2015 15:02:08 -0400
Superseded in trusty-updates on 2015-07-28
Superseded in trusty-security on 2015-07-28
bind9 (1:9.9.5.dfsg-3ubuntu0.3) trusty-security; urgency=medium

  * SECURITY UPDATE: resolver DoS via specially crafted zone data
    - lib/dns/validator.c: don't use uninitialized fixedname.
    - CVE-2015-4620

 -- Marc Deslauriers <email address hidden>  Mon, 29 Jun 2015 15:00:34 -0400
Superseded in wily-release on 2015-07-07
Obsolete in vivid-release on 2018-01-18
Deleted in vivid-proposed on 2018-01-19 (Reason: moved to release)
bind9 (1:9.9.5.dfsg-9) unstable; urgency=high


  * Fix CVE-2015-1349: named crash due to managed key rollover, primarily only
    affecting setups using DNSSEC (closes: #778733).

 -- Michael Gilbert <email address hidden>  Thu, 19 Feb 2015 03:42:21 +0000
Superseded in vivid-release on 2015-02-19
Deleted in vivid-proposed on 2015-02-21 (Reason: moved to release)
bind9 (1:9.9.5.dfsg-8ubuntu1) vivid; urgency=medium

  * SECURITY UPDATE: denial of service via revoking a managed trust anchor
    and supplying an untrusted replacement
    - lib/dns/zone.c: avoid crash due to managed-key rollover
    - Based on patch supplied by Evan Hunt <email address hidden>
    - CVE-2015-1349
 -- Marc Deslauriers <email address hidden>   Wed, 18 Feb 2015 07:35:41 -0500
Superseded in utopic-updates on 2015-07-07
Superseded in utopic-security on 2015-07-07
bind9 (1:9.9.5.dfsg-4.3ubuntu0.2) utopic-security; urgency=medium

  * SECURITY UPDATE: denial of service via revoking a managed trust anchor
    and supplying an untrusted replacement
    - lib/dns/zone.c: avoid crash due to managed-key rollover
    - Based on patch supplied by Evan Hunt <email address hidden>
    - CVE-2015-1349
 -- Marc Deslauriers <email address hidden>   Wed, 18 Feb 2015 07:38:33 -0500
Superseded in trusty-updates on 2015-07-07
Superseded in trusty-security on 2015-07-07
bind9 (1:9.9.5.dfsg-3ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via revoking a managed trust anchor
    and supplying an untrusted replacement
    - lib/dns/zone.c: avoid crash due to managed-key rollover
    - Based on patch supplied by Evan Hunt <email address hidden>
    - CVE-2015-1349
 -- Marc Deslauriers <email address hidden>   Wed, 18 Feb 2015 07:40:48 -0500
Superseded in precise-updates on 2015-07-07
Superseded in precise-security on 2015-07-07
bind9 (1:9.8.1.dfsg.P1-4ubuntu0.10) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via revoking a managed trust anchor
    and supplying an untrusted replacement
    - lib/dns/zone.c: avoid crash due to managed-key rollover
    - Based on patch supplied by Evan Hunt <email address hidden>
    - CVE-2015-1349
 -- Marc Deslauriers <email address hidden>   Wed, 18 Feb 2015 07:41:24 -0500
Superseded in vivid-release on 2015-02-19
Deleted in vivid-proposed on 2015-02-20 (Reason: moved to release)
bind9 (1:9.9.5.dfsg-8) unstable; urgency=medium


  * Launch rndc command in the background in networking scripts to avoid a
    hang in named from bringing down the entire network (closes: #760555).

 -- Michael Gilbert <email address hidden>  Thu, 01 Jan 2015 17:51:52 +0000
Obsolete in lucid-updates on 2016-10-26
Obsolete in lucid-security on 2016-10-26
bind9 (1:9.7.0.dfsg.P1-1ubuntu0.12) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service via delegation handling defect
    - limit max recursion in bin/named/config.c, bin/named/query.c,
      bin/named/server.c, lib/dns/adb.c, lib/dns/include/dns/adb.h,
      lib/dns/include/dns/resolver.h, lib/dns/resolver.c,
      lib/export/isc/Makefile.in, lib/isc/Makefile.in, lib/isc/counter.c,
      lib/isc/include/isc/counter.h, lib/isc/include/isc/Makefile.in,
      lib/isc/include/isc/types.h, lib/isc/tests/counter_test.c,
      lib/isccfg/namedconf.c.
    - Based on patch provided by upstream.
    - CVE-2014-8500
 -- Marc Deslauriers <email address hidden>   Tue, 09 Dec 2014 13:46:06 -0500
Superseded in precise-updates on 2015-02-18
Superseded in precise-security on 2015-02-18
bind9 (1:9.8.1.dfsg.P1-4ubuntu0.9) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via delegation handling defect
    - limit max recursion in bin/named/config.c, bin/named/query.c,
      bin/named/server.c, lib/dns/adb.c, lib/dns/include/dns/adb.h,
      lib/dns/include/dns/resolver.h, lib/dns/resolver.c,
      lib/export/isc/Makefile.in, lib/isc/Makefile.in, lib/isc/counter.c,
      lib/isc/include/isc/counter.h, lib/isc/include/isc/Makefile.in,
      lib/isc/include/isc/types.h, lib/isc/tests/counter_test.c,
      lib/isccfg/namedconf.c.
    - Patch provided by upstream.
    - CVE-2014-8500
 -- Marc Deslauriers <email address hidden>   Tue, 09 Dec 2014 09:20:13 -0500
Superseded in trusty-updates on 2015-02-18
Superseded in trusty-security on 2015-02-18
bind9 (1:9.9.5.dfsg-3ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via delegation handling defect
    - limit max recursion in bin/named/config.c, bin/named/query.c,
      bin/named/server.c, lib/dns/adb.c, lib/dns/include/dns/adb.h,
      lib/dns/include/dns/resolver.h, lib/dns/resolver.c,
      lib/export/isc/Makefile.in, lib/isc/counter.c,
      lib/isc/include/isc/counter.h, lib/isc/include/isc/Makefile.in,
      lib/isc/include/isc/types.h, lib/isc/Makefile.in,
      lib/isc/tests/counter_test.c, lib/isc/tests/Makefile.in,
      lib/isccfg/namedconf.c.
    - Patch extracted from 9.9.6-P1.
    - CVE-2014-8500
 -- Marc Deslauriers <email address hidden>   Tue, 09 Dec 2014 08:46:03 -0500
Superseded in utopic-updates on 2015-02-18
Superseded in utopic-security on 2015-02-18
bind9 (1:9.9.5.dfsg-4.3ubuntu0.1) utopic-security; urgency=medium

  * SECURITY UPDATE: denial of service via delegation handling defect
    - limit max recursion in bin/named/config.c, bin/named/query.c,
      bin/named/server.c, lib/dns/adb.c, lib/dns/include/dns/adb.h,
      lib/dns/include/dns/resolver.h, lib/dns/resolver.c,
      lib/export/isc/Makefile.in, lib/isc/counter.c,
      lib/isc/include/isc/counter.h, lib/isc/include/isc/Makefile.in,
      lib/isc/include/isc/types.h, lib/isc/Makefile.in,
      lib/isc/tests/counter_test.c, lib/isc/tests/Makefile.in,
      lib/isccfg/namedconf.c.
    - Patch extracted from 9.9.6-P1.
    - CVE-2014-8500
 -- Marc Deslauriers <email address hidden>   Tue, 09 Dec 2014 08:44:24 -0500
Superseded in vivid-release on 2015-01-05
Deleted in vivid-proposed on 2015-01-06 (Reason: moved to release)
bind9 (1:9.9.5.dfsg-6ubuntu1) vivid; urgency=medium

  * SECURITY UPDATE: denial of service via delegation handling defect
    - limit max recursion in bin/named/config.c, bin/named/query.c,
      bin/named/server.c, lib/dns/adb.c, lib/dns/include/dns/adb.h,
      lib/dns/include/dns/resolver.h, lib/dns/resolver.c,
      lib/export/isc/Makefile.in, lib/isc/counter.c,
      lib/isc/include/isc/counter.h, lib/isc/include/isc/Makefile.in,
      lib/isc/include/isc/types.h, lib/isc/Makefile.in,
      lib/isc/tests/counter_test.c, lib/isc/tests/Makefile.in,
      lib/isccfg/namedconf.c.
    - Patch extracted from 9.9.6-P1.
    - CVE-2014-8500
 -- Marc Deslauriers <email address hidden>   Tue, 09 Dec 2014 08:20:27 -0500
Superseded in vivid-release on 2014-12-09
Deleted in vivid-proposed on 2014-12-11 (Reason: moved to release)
bind9 (1:9.9.5.dfsg-6) unstable; urgency=medium


  * Include dlz_dlopen.h in libbind-dev (closes: #769117).

 -- Michael Gilbert <email address hidden>  Sun, 30 Nov 2014 22:53:50 +0000

Available diffs

Superseded in vivid-release on 2014-12-01
Deleted in vivid-proposed on 2014-12-02 (Reason: moved to release)
bind9 (1:9.9.5.dfsg-5) unstable; urgency=medium


  * Avoid libnsl dependency on non-linux architectures.  Closes: #766430
  * Install export libraries to /lib instead of /usr/lib.  Closes: #766544
  * Add myself to the maintainer team with approval from LaMont and Bdale.

 -- Michael Gilbert <email address hidden>  Thu, 30 Oct 2014 02:42:17 +0000
Superseded in vivid-release on 2014-10-30
Obsolete in utopic-release on 2016-11-03
Deleted in utopic-proposed on 2016-11-03 (Reason: moved to release)
bind9 (1:9.9.5.dfsg-4.3) unstable; urgency=medium


  * Non-maintainer upload.
  * Mark critical section as not parallel in the makefile.  Closes: #762766

 -- Michael Gilbert <email address hidden>  Mon, 13 Oct 2014 04:37:55 +0000
Superseded in utopic-proposed on 2014-10-15
bind9 (1:9.9.5.dfsg-4.2) unstable; urgency=low


  * Non-maintainer upload.
  * Fix intermittent parallel build failure.  Closes: #762766
  * Set -fno-delete-null-pointer-checks.  Closes: #750760
  * Use separate packages for the udebs.  Closes: #762762
  * Don't install configuration files to /usr.  Closes: #762948

 -- Michael Gilbert <email address hidden>  Mon, 06 Oct 2014 01:23:57 +0000
Superseded in utopic-release on 2014-10-15
Deleted in utopic-proposed on 2014-10-16 (Reason: moved to release)
bind9 (1:9.9.5.dfsg-4) unstable; urgency=low


  [Julien Cristau]

  * FTBFS on kfreebsd.  Closes: #741285

  [LaMont Jones]

  * revert aclocal.m4 expansion from earlier merge

 -- LaMont Jones <email address hidden>  Tue, 29 Apr 2014 14:48:50 -0600

Available diffs

Superseded in utopic-release on 2014-04-30
Published in trusty-release on 2014-03-24
Deleted in trusty-proposed (Reason: moved to release)
bind9 (1:9.9.5.dfsg-3) unstable; urgency=low


  * Re-enable rrl (now a configure option).  Closes: #741059 LP: #1288823

 -- LaMont Jones <email address hidden>  Mon, 24 Mar 2014 06:55:55 -0600

Available diffs

Superseded in trusty-release on 2014-03-24
Deleted in trusty-proposed on 2014-03-25 (Reason: moved to release)
bind9 (1:9.9.5.dfsg-2) unstable; urgency=low


  * merge in ubuntu 1:9.9.3.dfsg.P2-4ubuntu3
  * move dnssec-coverage to bind9utils.  Closes: #739994
  * dnssec-{checkds,verify} manpages in wrong package.  Closes: #739995

 -- LaMont Jones <email address hidden>  Wed, 26 Feb 2014 09:30:31 -0700
Superseded in trusty-release on 2014-03-04
Deleted in trusty-proposed on 2014-03-06 (Reason: moved to release)
bind9 (1:9.9.3.dfsg.P2-4ubuntu3) trusty; urgency=low

  * SECURITY UPDATE: denial of service when processing NSEC3-signed zone
    queries
    - debian/patches/CVE-2014-0591.patch: don't call memcpy with
      overlapping ranges in bin/named/query.c.
    - patch backported from 9.9.4-P2.
    - CVE-2014-0591
 -- Marc Deslauriers <email address hidden>   Fri, 10 Jan 2014 09:36:55 -0500
Superseded in lucid-updates on 2014-12-09
Superseded in lucid-security on 2014-12-09
bind9 (1:9.7.0.dfsg.P1-1ubuntu0.11) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service when processing NSEC3-signed zone
    queries
    - debian/patches/CVE-2014-0591.patch: don't call memcpy with
      overlapping ranges in bin/named/query.c.
    - patch backported from 9.8.6-P2.
    - CVE-2014-0591
 -- Marc Deslauriers <email address hidden>   Fri, 10 Jan 2014 09:45:07 -0500
Superseded in precise-updates on 2014-12-09
Superseded in precise-security on 2014-12-09
bind9 (1:9.8.1.dfsg.P1-4ubuntu0.8) precise-security; urgency=low

  * SECURITY UPDATE: denial of service when processing NSEC3-signed zone
    queries
    - debian/patches/CVE-2014-0591.patch: don't call memcpy with
      overlapping ranges in bin/named/query.c.
    - patch backported from 9.8.6-P2.
    - CVE-2014-0591
 -- Marc Deslauriers <email address hidden>   Fri, 10 Jan 2014 09:44:31 -0500
Obsolete in quantal-updates on 2015-04-24
Obsolete in quantal-security on 2015-04-24
bind9 (1:9.8.1.dfsg.P1-4.2ubuntu3.4) quantal-security; urgency=low

  * SECURITY UPDATE: denial of service when processing NSEC3-signed zone
    queries
    - debian/patches/CVE-2014-0591.patch: don't call memcpy with
      overlapping ranges in bin/named/query.c.
    - patch backported from 9.8.6-P2.
    - CVE-2014-0591
 -- Marc Deslauriers <email address hidden>   Fri, 10 Jan 2014 09:43:20 -0500
Obsolete in raring-updates on 2015-04-24
Obsolete in raring-security on 2015-04-24
bind9 (1:9.9.2.dfsg.P1-2ubuntu2.2) raring-security; urgency=low

  * SECURITY UPDATE: denial of service when processing NSEC3-signed zone
    queries
    - debian/patches/CVE-2014-0591.patch: don't call memcpy with
      overlapping ranges in bin/named/query.c.
    - patch backported from 9.9.4-P2.
    - CVE-2014-0591
 -- Marc Deslauriers <email address hidden>   Fri, 10 Jan 2014 09:42:41 -0500
Obsolete in saucy-updates on 2015-04-24
Obsolete in saucy-security on 2015-04-24
bind9 (1:9.9.3.dfsg.P2-4ubuntu1.1) saucy-security; urgency=low

  * SECURITY UPDATE: denial of service when processing NSEC3-signed zone
    queries
    - debian/patches/CVE-2014-0591.patch: don't call memcpy with
      overlapping ranges in bin/named/query.c.
    - patch backported from 9.9.4-P2.
    - CVE-2014-0591
 -- Marc Deslauriers <email address hidden>   Fri, 10 Jan 2014 09:41:43 -0500
Superseded in trusty-release on 2014-01-13
Deleted in trusty-proposed on 2014-01-15 (Reason: moved to release)
bind9 (1:9.9.3.dfsg.P2-4ubuntu2) trusty; urgency=medium

  * Use dh-autoreconf to update libtool and configure for new ports.
 -- Adam Conrad <email address hidden>   Wed, 18 Dec 2013 04:42:22 -0700
Superseded in trusty-release on 2013-12-19
Obsolete in saucy-release on 2015-04-24
Deleted in saucy-proposed on 2015-04-28 (Reason: moved to release)
bind9 (1:9.9.3.dfsg.P2-4ubuntu1) saucy; urgency=low

  * Use dh_autotools-dev to update config.{sub,guess} for new ports.
 -- Adam Conrad <email address hidden>   Mon, 07 Oct 2013 23:09:45 -0600
Superseded in saucy-release on 2013-10-08
Deleted in saucy-proposed on 2013-10-09 (Reason: moved to release)
bind9 (1:9.9.3.dfsg.P2-4) unstable; urgency=low


  [Peter Marschall]

  * If rndc.conf exists, skip creation of rndc.key.  Closes: #620394

  [Al Tarakanoff]

  * properly quote check of pid in bind9 init.d.  LP: #1092243

  [LaMont Jones]

  * include distro and package version in version string
  * apparmor: allow GeoIP data file access.  LP: #834901
  * enable filter-aaaa.  Closes: #701704  LP: #1115168

 -- LaMont Jones <email address hidden>  Thu, 29 Aug 2013 16:22:29 -0600
Superseded in saucy-release on 2013-09-05
Deleted in saucy-proposed on 2013-09-06 (Reason: moved to release)
bind9 (1:9.9.3.dfsg.P2-3) unstable; urgency=low


  [Michael Stapelberg]

  * add systemd service file.  Closes: #718212

  [LaMont Jones]

  * deliver more dnssec-* tools in bind9utils.  Closes: #713026
  * support parallel=N DEB_BUILD_OPTIONS, fix -j build. Closes: #713025
  * deliver rrl.h and stat.h Closes: #692483, #720813

 -- LaMont Jones <email address hidden>  Tue, 27 Aug 2013 10:06:37 -0600
Superseded in saucy-release on 2013-08-28
Deleted in saucy-proposed on 2013-08-30 (Reason: moved to release)
bind9 (1:9.9.2.dfsg.P1-2ubuntu3) saucy; urgency=low

  * SECURITY UPDATE: denial of service via incorrect bounds checking on
    private type 'keydata'
    - lib/dns/rdata/generic/keydata_65533.c: check for correct length.
    - Patch backported from 9.9.3-P2
    - CVE-2013-4854
 -- Marc Deslauriers <email address hidden>   Sun, 28 Jul 2013 10:13:06 -0400
Superseded in lucid-updates on 2014-01-13
Superseded in lucid-security on 2014-01-13
bind9 (1:9.7.0.dfsg.P1-1ubuntu0.10) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via incorrect bounds checking on
    private type 'keydata'
    - lib/dns/rdata/generic/keydata_65533.c: check for correct length.
    - Patch backported from 9.8.5-P2
    - CVE-2013-4854
 -- Marc Deslauriers <email address hidden>   Fri, 26 Jul 2013 22:57:04 -0400
Superseded in precise-updates on 2014-01-13
Superseded in precise-security on 2014-01-13
bind9 (1:9.8.1.dfsg.P1-4ubuntu0.7) precise-security; urgency=low

  * SECURITY UPDATE: denial of service via incorrect bounds checking on
    private type 'keydata'
    - lib/dns/rdata/generic/keydata_65533.c: check for correct length.
    - Patch backported from 9.8.5-P2
    - CVE-2013-4854
 -- Marc Deslauriers <email address hidden>   Fri, 26 Jul 2013 22:56:08 -0400
Superseded in quantal-updates on 2014-01-13
Superseded in quantal-security on 2014-01-13
bind9 (1:9.8.1.dfsg.P1-4.2ubuntu3.3) quantal-security; urgency=low

  * SECURITY UPDATE: denial of service via incorrect bounds checking on
    private type 'keydata'
    - lib/dns/rdata/generic/keydata_65533.c: check for correct length.
    - Patch backported from 9.8.5-P2
    - CVE-2013-4854
 -- Marc Deslauriers <email address hidden>   Fri, 26 Jul 2013 22:54:25 -0400
Superseded in raring-updates on 2014-01-13
Superseded in raring-security on 2014-01-13
bind9 (1:9.9.2.dfsg.P1-2ubuntu2.1) raring-security; urgency=low

  * SECURITY UPDATE: denial of service via incorrect bounds checking on
    private type 'keydata'
    - lib/dns/rdata/generic/keydata_65533.c: check for correct length.
    - Patch backported from 9.9.3-P2
    - CVE-2013-4854
 -- Marc Deslauriers <email address hidden>   Fri, 26 Jul 2013 22:51:51 -0400
Superseded in saucy-release on 2013-07-28
Obsolete in raring-release on 2015-04-24
Deleted in raring-proposed on 2015-04-27 (Reason: moved to release)
bind9 (1:9.9.2.dfsg.P1-2ubuntu2) raring; urgency=low

  * configure.in: detect libxml 2.9 as well as 2.[678] (LP: #1164475).
  * debian/control: add Build-Depends on dh-autoreconf.
  * debian/rules: use dh_autoreconf and dh_autoreconf_clean.
 -- Robie Basak <email address hidden>   Wed, 10 Apr 2013 16:50:28 +0000
Superseded in raring-release on 2013-04-15
Deleted in raring-proposed on 2013-04-16 (Reason: moved to release)
bind9 (1:9.9.2.dfsg.P1-2ubuntu1) raring; urgency=low

  * SECURITY UPDATE: denial of service via regex syntax checking
    - configure,configure.in,config.h.in: remove check for regex.h to
      disable regex syntax checking.
    - CVE-2013-2266
 -- Marc Deslauriers <email address hidden>   Thu, 28 Mar 2013 15:04:57 -0400
Superseded in precise-updates on 2013-07-29
Superseded in precise-security on 2013-07-29
bind9 (1:9.8.1.dfsg.P1-4ubuntu0.6) precise-security; urgency=low

  * SECURITY UPDATE: denial of service via regex syntax checking
    - configure,configure.in,config.h.in: remove check for regex.h to
      disable regex syntax checking.
    - CVE-2013-2266
 -- Marc Deslauriers <email address hidden>   Thu, 28 Mar 2013 15:31:46 -0400
Obsolete in oneiric-updates on 2015-04-24
Obsolete in oneiric-security on 2015-04-24
bind9 (1:9.7.3.dfsg-1ubuntu4.6) oneiric-security; urgency=low

  * SECURITY UPDATE: denial of service via regex syntax checking
    - configure,configure.in,config.h.in: remove check for regex.h to
      disable regex syntax checking.
    - CVE-2013-2266
 -- Marc Deslauriers <email address hidden>   Thu, 28 Mar 2013 15:25:23 -0400
Superseded in lucid-updates on 2013-07-29
Superseded in lucid-security on 2013-07-29
bind9 (1:9.7.0.dfsg.P1-1ubuntu0.9) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via regex syntax checking
    - configure,configure.in,config.h.in: remove check for regex.h to
      disable regex syntax checking.
    - CVE-2013-2266
 -- Marc Deslauriers <email address hidden>   Thu, 28 Mar 2013 15:26:27 -0400
Superseded in quantal-updates on 2013-07-29
Superseded in quantal-security on 2013-07-29
bind9 (1:9.8.1.dfsg.P1-4.2ubuntu3.2) quantal-security; urgency=low

  * SECURITY UPDATE: denial of service via regex syntax checking
    - configure,configure.in,config.h.in: remove check for regex.h to
      disable regex syntax checking.
    - CVE-2013-2266
 -- Marc Deslauriers <email address hidden>   Thu, 28 Mar 2013 15:21:30 -0400
Superseded in raring-release on 2013-03-29
Deleted in raring-proposed on 2013-03-31 (Reason: moved to release)
bind9 (1:9.9.2.dfsg.P1-2) experimental; urgency=low


  [Michael Gilbert]

  * Use /var/lib/bind for state file.  Closes: #689332

  [LaMont Jones]

  * zone transfers now involve link(), update the apparmor profile
  * Update db.root with new IP for D.root-servers.net.  Closes: #697352
  * re-drop dlzexternal test
  * Reduce log level for "sucessfully validated after lower casing" dnssec
    based on mail from Mark Andrews.  Closes: #697681
  * remove /var/lib/bind/bind9-default.md5sum in postrm
  * remove /etc/bind/named.conf.options on purge.  Closes: #668801

  [Sebastian Wiesinger]

  * Build and deliver dnssec-checkds and dnssec-verify in bind9utils

 -- LaMont Jones <email address hidden>  Wed, 09 Jan 2013 10:09:40 -0700
76150 of 312 results