Debian Bug report logs - #690118
CVE-2012-5166: Specially crafted DNS data can cause a lockup in named

version graph

Package: bind9; Maintainer for bind9 is LaMont Jones <lamont@debian.org>; Source for bind9 is src:bind9.

Reported by: Henri Salo <henri@nerv.fi>

Date: Wed, 10 Oct 2012 07:33:01 UTC

Severity: important

Tags: security

Found in version bind9/1:9.7.3.dfsg-1~squeeze7

Fixed in version 1:9.7.3.dfsg-1~squeeze8

Done: Bernhard Schmidt <berni@birkenwald.de>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#690118; Package bind9. (Wed, 10 Oct 2012 07:33:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Henri Salo <henri@nerv.fi>:
New Bug report received and forwarded. Copy sent to LaMont Jones <lamont@debian.org>. (Wed, 10 Oct 2012 07:33:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Henri Salo <henri@nerv.fi>
To: submit@bugs.debian.org
Subject: CVE-2012-5166: Specially crafted DNS data can cause a lockup in named
Date: Wed, 10 Oct 2012 10:30:17 +0300
Package: bind9
Version: 1:9.7.3.dfsg-1~squeeze7
Severity: important
Tags: security

References:
https://www.isc.org/software/bind/advisories/cve-2012-5166
https://kb.isc.org/article/AA-00801

- Henri Salo



Reply sent to Bernhard Schmidt <berni@birkenwald.de>:
You have taken responsibility. (Sat, 27 Oct 2012 21:09:06 GMT) Full text and rfc822 format available.

Notification sent to Henri Salo <henri@nerv.fi>:
Bug acknowledged by developer. (Sat, 27 Oct 2012 21:09:06 GMT) Full text and rfc822 format available.

Message #10 received at 690118-done@bugs.debian.org (full text, mbox):

From: Bernhard Schmidt <berni@birkenwald.de>
To: 690118-done@bugs.debian.org
Subject: Re: CVE-2012-5166: Specially crafted DNS data can cause a lockup in named
Date: Sat, 27 Oct 2012 23:06:11 +0200
Version: 1:9.7.3.dfsg-1~squeeze8

> References:
> https://www.isc.org/software/bind/advisories/cve-2012-5166
> https://kb.isc.org/article/AA-00801

This has been fixed for Squeeze in 1:9.7.3.dfsg-1~squeeze8

bind9 (1:9.7.3.dfsg-1~squeeze8) squeeze-security; urgency=high

   * Apply patch extracted from 9.7.6-P4 to fix CVE-2012-5166

 -- Florian Weimer <fw@deneb.enyo.de>  Sat, 20 Oct 2012 19:39:32 +0200 

The bug still affects Wheezy (#690142)

Bernhard



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 25 Nov 2012 07:26:06 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 14:40:17 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.