[Pkg-dns-devel] Bug#830806: Bug#830806: nsd: CVE-2016-6173: Improper restriction of zone size limit
Ondřej Surý
ondrej at sury.org
Mon Jul 11 18:36:07 UTC 2016
Hi Salvatore,
the common agreement between DNS Vendors (that includes me) is that this
shouldn't have been assigned CVE as it is an operational issue as you
have an established trust between DNS master-slave for transfers. (And
all DNS servers are affected.)
I don't think this really needs update in stable, but I would like to
hear whether you think otherwise.
Cheers,
--
Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Potřeby pro pečení chleba
všeho druhu
On Mon, Jul 11, 2016, at 20:30, Salvatore Bonaccorso wrote:
> Source: nsd
> Version: 4.1.10-1
> Severity: important
> Tags: security upstream patch
> Forwarded: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790
>
> Hi,
>
> the following vulnerability was published for nsd.
>
> CVE-2016-6173[0]:
> Improper restriction of zone size limit
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2016-6173
> [1] https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
> Salvatore
>
> -- System Information:
> Debian Release: stretch/sid
> APT prefers unstable
> APT policy: (500, 'unstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
>
> _______________________________________________
> pkg-dns-devel mailing list
> pkg-dns-devel at lists.alioth.debian.org
> https://lists.alioth.debian.org/mailman/listinfo/pkg-dns-devel
More information about the pkg-dns-devel
mailing list