Files
packages/net
Noah Meyerhans f648f3766f bind: Update to bind-9.10.5
This change includes fixes for several security issues:

  * CVE-2017-3138: rndc "" could trigger an assertion failure in named.
  * CVE-2017-3137: Some chaining (i.e., type CNAME or DNAME) responses to
    upstream queries could trigger assertion failures.
  * CVE-2017-3136: dns64 with break-dnssec yes; can result in an assertion
    failure.
  * CVE-2017-3135: If a server is configured with a response policy zone
    (RPZ) that rewrites an answer with local data, and is also configured
    for DNS64 address mapping, a NULL pointer can be read triggering a
    server crash.
  * CVE-2016-9444: named could mishandle authority sections with missing
    RRSIGs, triggering an assertion failure.
  * CVE-2016-9131: named mishandled some responses where covering RRSIG
    records were returned without the requested data, resulting in an
    assertion failure.
  * CVE-2016-9131: named incorrectly tried to cache TKEY records which could
    trigger an assertion failure when there was a class mismatch.
  * CVE-2016-8864: It was possible to trigger assertions when processing
    responses containing answers of type DNAME.
  * CVE-2016-6170: Added the ability to specify the maximum number of
    records permitted in a zone (max-records #;). This provides a mechanism
    to block overly large zone transfers, which is a potential risk with
    slave zones from other parties.
  * CVE-2016-2776: It was possible to trigger an assertion when rendering a
    message using a specially crafted request.
  * CVE-2016-2775: Calling getrrsetbyname() with a non absolute name could
    trigger an infinite recursion bug in lwresd or named with lwres
    configured if, when combined with a search list entry from resolv.conf,
    the resulting name is too long.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
2017-11-19 17:33:49 +01:00
..
2016-11-27 20:31:08 +02:00
2015-08-17 14:37:14 +02:00
2015-02-24 22:41:53 +01:00
2015-04-08 17:07:52 +00:00
2017-11-19 17:33:49 +01:00
2015-11-24 12:41:54 -05:00
2014-06-16 11:38:45 +02:00
2016-07-09 16:11:53 -04:00
2014-07-06 22:03:21 +02:00
2015-01-29 07:10:11 +01:00
2016-05-12 10:46:02 +03:00
2015-04-12 20:54:38 +02:00
2016-11-10 18:47:56 +01:00
2016-07-01 10:40:58 +01:00
2015-02-24 17:43:36 +01:00
2014-10-18 23:00:03 +02:00
2015-04-06 13:17:44 +02:00
2015-09-08 11:33:46 +02:00
2015-07-26 18:27:01 +02:00
2015-03-19 22:48:56 +01:00
2014-09-29 15:38:51 -07:00
2014-11-05 08:34:30 +01:00
2014-09-23 20:58:43 +02:00
2015-05-04 17:55:00 +02:00
2014-06-04 07:01:48 +02:00
2015-01-11 23:56:55 +00:00
2015-07-23 13:51:04 +02:00
2017-01-05 22:34:24 +01:00
2015-08-03 18:13:58 +02:00
2014-12-03 13:41:12 +00:00
2015-04-20 11:02:18 +03:00
2016-01-25 20:22:58 +01:00
2014-09-16 02:06:09 +01:00
2014-09-16 02:06:37 +01:00
2014-09-16 02:06:22 +01:00
2017-02-12 10:31:55 +01:00
2016-06-16 22:36:03 +02:00
2016-01-16 11:46:32 +01:00
2014-08-03 23:28:28 +02:00
2015-04-16 16:05:55 +02:00
2015-11-18 21:49:25 +01:00
2014-09-16 02:23:48 +01:00
2015-02-15 19:43:16 +02:00
2014-08-13 14:04:05 +08:00
2015-05-20 19:10:01 +02:00
2015-03-03 06:39:43 -05:00
2015-03-29 14:49:53 +02:00
2016-02-16 12:33:11 +01:00
2016-01-13 00:59:37 +01:00
2015-01-23 01:11:24 +01:00
2014-09-16 01:37:29 +01:00
2015-03-15 18:15:18 +00:00
2015-09-07 11:11:22 +02:00
2015-04-03 10:20:18 +02:00
2014-08-11 12:37:29 +02:00
2016-01-16 20:42:48 +01:00
2015-06-21 12:00:17 +02:00
2015-05-28 16:09:01 +02:00
2015-09-03 17:38:22 +02:00
2015-12-20 19:31:50 +02:00
2015-07-22 09:47:48 +02:00
2015-12-15 17:24:30 +02:00
2015-03-12 01:48:05 +03:00
2015-10-02 08:43:14 +08:00
2015-04-12 14:06:35 +02:00