Debian Bug report logs - #704174
CVE-2013-2266

version graph

Package: src:bind9; Maintainer for src:bind9 is LaMont Jones <lamont@debian.org>;

Reported by: Wolfgang Walter <wolfgang.walter@stwm.de>

Date: Thu, 28 Mar 2013 21:39:02 UTC

Severity: grave

Tags: security

Found in versions bind9/1:9.7.3.dfsg-1, bind9/1:9.8.4.dfsg.P1-6

Fixed in version bind9/1:9.8.4.dfsg.P1-6+nmu1

Done: Michael Gilbert <mgilbert@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#704174; Package src:bind9. (Thu, 28 Mar 2013 21:39:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Wolfgang Walter <wolfgang.walter@stwm.de>:
New Bug report received and forwarded. Copy sent to LaMont Jones <lamont@debian.org>. (Thu, 28 Mar 2013 21:39:06 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Wolfgang Walter <wolfgang.walter@stwm.de>
To: submit@bugs.debian.org
Subject: CVE-2013-2266
Date: Thu, 28 Mar 2013 22:30:24 +0100
Package: src:bind9
Version: 1:9.8.4.dfsg.P1-6
Severity: grave

http://cxsecurity.com/issue/WLB-2013030255
https://kb.isc.org/article/AA-00879

This bug also affects all programs which use libdns.

Regards,
-- 
Wolfgang Walter



Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#704174; Package src:bind9. (Fri, 29 Mar 2013 01:45:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Gilbert <mgilbert@debian.org>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Fri, 29 Mar 2013 01:45:07 GMT) Full text and rfc822 format available.

Message #10 received at 704174@bugs.debian.org (full text, mbox):

From: Michael Gilbert <mgilbert@debian.org>
To: 699145@bugs.debian.org, 704174@bugs.debian.org
Subject: Security nmu
Date: Thu, 28 Mar 2013 21:42:08 -0400
[Message part 1 (text/plain, inline)]
Hi,

I've uploaded an nmu fixing these issues.  Please see attached patch.

Best wishes,
Mike
[Message part 2 (text/html, inline)]
[bind9.patch (application/octet-stream, attachment)]

Reply sent to Michael Gilbert <mgilbert@debian.org>:
You have taken responsibility. (Fri, 29 Mar 2013 01:51:09 GMT) Full text and rfc822 format available.

Notification sent to Wolfgang Walter <wolfgang.walter@stwm.de>:
Bug acknowledged by developer. (Fri, 29 Mar 2013 01:51:09 GMT) Full text and rfc822 format available.

Message #15 received at 704174-close@bugs.debian.org (full text, mbox):

From: Michael Gilbert <mgilbert@debian.org>
To: 704174-close@bugs.debian.org
Subject: Bug#704174: fixed in bind9 1:9.8.4.dfsg.P1-6+nmu1
Date: Fri, 29 Mar 2013 01:47:48 +0000
Source: bind9
Source-Version: 1:9.8.4.dfsg.P1-6+nmu1

We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 704174@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilbert@debian.org> (supplier of updated bind9 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 29 Mar 2013 00:47:25 +0000
Source: bind9
Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-80 libdns88 libisc84 liblwres80 libisccc80 libisccfg82 dnsutils lwresd
Architecture: source all amd64
Version: 1:9.8.4.dfsg.P1-6+nmu1
Distribution: unstable
Urgency: high
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description: 
 bind9      - Internet Domain Name Server
 bind9-doc  - Documentation for BIND
 bind9-host - Version of 'host' bundled with BIND 9.X
 bind9utils - Utilities for BIND
 dnsutils   - Clients provided with BIND
 host       - Transitional package
 libbind-dev - Static Libraries and Headers used by BIND
 libbind9-80 - BIND9 Shared Library used by BIND
 libdns88   - DNS Shared Library used by BIND
 libisc84   - ISC Shared Library used by BIND
 libisccc80 - Command Channel Library used by BIND
 libisccfg82 - Config File Handling Library used by BIND
 liblwres80 - Lightweight Resolver Library used by BIND
 lwresd     - Lightweight Resolver Daemon
Closes: 699145 704174
Changes: 
 bind9 (1:9.8.4.dfsg.P1-6+nmu1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix cve-2012-5689: issue in nameservers using DNS64 to perform a AAAA
     lookup for a record with an A record overwrite rule in a Response Policy
     Zone (closes: #699145).
   * Fix cve-2013-2266: issues in regular expression handling (closes: #704174).
Checksums-Sha1: 
 f457875fbf5d57fe6f0f81f81a88503bfc302a80 3304 bind9_9.8.4.dfsg.P1-6+nmu1.dsc
 2564dd0178d84acb34e98a3435d0ddffa6e6f730 672591 bind9_9.8.4.dfsg.P1-6+nmu1.diff.gz
 b65354a9acf91e94e66da504f4ecef3741135cce 364768 bind9-doc_9.8.4.dfsg.P1-6+nmu1_all.deb
 ce69383565d451b1612687230bfe3092834b9d92 19994 host_9.8.4.dfsg.P1-6+nmu1_all.deb
 d84084bf4d74b1da96793d6fb5e147992630d303 369032 bind9_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 2d32f80f456aa862b6a0edc4a17b539c3015ad7a 125078 bind9utils_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 2029c70d2fea3612d1050324ea9057a30e9a7c60 71148 bind9-host_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 4277a5a50e5ec6b2b351b491d585f2ce32986eb9 1579578 libbind-dev_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 036d6da5c9caea1a1c875a813472d16dd7827ea8 41672 libbind9-80_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 e1730d8cb8d3f13dd41b2af89b13e980f37d8f9d 748172 libdns88_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 da9e94e5f629afff3340a07004bcdad4788689cd 182766 libisc84_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 b15901bd1d0645c67045bbe4d7d477e2797dbcbf 54666 liblwres80_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 d4e2ea1d8abcbe797ff2e0d84bf58e4090caca86 35310 libisccc80_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 44272ba792ca15d5db5c45b465455bf53932ad81 62792 libisccfg82_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 cea72bd7576339d45608e848a3fc025abbfe0698 162284 dnsutils_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 654912b28caa421041b5c34a91cf3526164c194d 248726 lwresd_9.8.4.dfsg.P1-6+nmu1_amd64.deb
Checksums-Sha256: 
 943e83e3c2ffdff47632d1117485d159b46c0782e32d37bdf4d2ce126d0383ab 3304 bind9_9.8.4.dfsg.P1-6+nmu1.dsc
 326ff1b62ef9ad5d4f33de7c43f914a782ebe43097a18636f49d99f243ea1bec 672591 bind9_9.8.4.dfsg.P1-6+nmu1.diff.gz
 c0e942632f274fb34f7fbeea7a194fbfef846a989a7572607ad9e11fba2127f6 364768 bind9-doc_9.8.4.dfsg.P1-6+nmu1_all.deb
 f87711154e3820140b0a6234c23f86414a681062bab79c7fe71ffe03792efc72 19994 host_9.8.4.dfsg.P1-6+nmu1_all.deb
 a0a6a4f30bacaa446d3f95c5442b6551c67f83988d22a165c380550b80bff4f2 369032 bind9_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 e4e330b15a5d4a6973505f7331a00a146e24082e03d23a791ebde8d2f0e8c73a 125078 bind9utils_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 3e49a9a848137cf1d6ace6bc5b642f0b98c76a0381a22a9cbed6db6092b49cb1 71148 bind9-host_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 09a011b61e52e4fba958ee84e9fa5edc6234ad31ff658a0ab64288fb47fe77b9 1579578 libbind-dev_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 c95c5adb033532b16ee5da87414f00a64065a04626bc1292809ab0d954209531 41672 libbind9-80_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 bad7b27a21bf46ac39afac997530fdc29f8fe47e9aea8879321d6d77e40b9acc 748172 libdns88_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 896bf13aaf528e51a56d5b5bf72660a6139bbcc97b2b98efe4dc5438b4194a41 182766 libisc84_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 81589db972fd53ca5eef9266d120030aff714168a475720fff2ac426706f488e 54666 liblwres80_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 abb7b313efe7261e5077c1d227aff3ca5f86a7528a8e73d0a6c7f63b239080a1 35310 libisccc80_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 8e7aa4e3e8ef025f561ebb3552c99c066b99d927749160b0b11dd22e433bc457 62792 libisccfg82_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 9dcff8dfff71bcda885d9fe520af07ee1bf591f2dfbe8bad34433a27fab025eb 162284 dnsutils_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 1ccad8e41934c2c0fd3bca42439338b4cd0e589f9f97b3a5437c53dd33122e22 248726 lwresd_9.8.4.dfsg.P1-6+nmu1_amd64.deb
Files: 
 a2017ee24f43003f11a2b14abcbed974 3304 net optional bind9_9.8.4.dfsg.P1-6+nmu1.dsc
 8c0eb8af60ae9b68983f861a2245acf1 672591 net optional bind9_9.8.4.dfsg.P1-6+nmu1.diff.gz
 0bce44d35ba55e4f9e542b3ba5ec86ed 364768 doc optional bind9-doc_9.8.4.dfsg.P1-6+nmu1_all.deb
 7f9fba23c92b8e8a5a5ec7627277fa81 19994 net standard host_9.8.4.dfsg.P1-6+nmu1_all.deb
 17cd400dcd220477d7b7d50a911d9d57 369032 net optional bind9_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 2074e87eb83c0e7458a1517b36f0544e 125078 net optional bind9utils_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 6f350122b1c2e764054ac24a01da1e08 71148 net standard bind9-host_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 fae8963b49abe9a0c1e1dd4b84f5d004 1579578 libdevel optional libbind-dev_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 c583e885f1d2ab77c54abd29a40e67e3 41672 libs standard libbind9-80_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 19f16159dfc4af2ee7285613dd9606de 748172 libs standard libdns88_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 a20b7f6b4403508972e59c3c2302037e 182766 libs standard libisc84_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 9bd3cc91ed15a21acf99624482d2b493 54666 libs standard liblwres80_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 20a8ca1c00ab436d186b83bffe571b6e 35310 libs optional libisccc80_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 7a881ce1a2c48a2a5e168dc094b9380f 62792 libs optional libisccfg82_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 351a75d65f1eb854ed478d6633927f56 162284 net standard dnsutils_9.8.4.dfsg.P1-6+nmu1_amd64.deb
 8a03e699044bf7775fc8d067660058c4 248726 net optional lwresd_9.8.4.dfsg.P1-6+nmu1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQQcBAEBCAAGBQJRVPDZAAoJELjWss0C1vRzhWgf/2jXc8RVGnoX9I4NSHy7ITlR
0rsjZ+8GYhnzruyDTj3aTcYMRfh4IvVjiGjqkHObT37+H0u1v6nE45ZpBH1sYtX+
6mLMwUxJT9w4ho33OBsoqyBfPEkMaUdwz6jaRd6zqVNQcb4jhWjSIArpd11iZ9gv
+B+mKxPZM/H5prRInBebR0He/NKgle3DF58Ur/lNKxsWWjUshT3uwmcuymXcO6cz
I4UBqTMrjKtcfZ1hsVw5MJk1ECHH5eAJB2VpEM/4uAKTyVJKKT9AacP5yUvtzIQc
xOFwDNZ+1Z9qGKGG/cR+nxyhBjhUYTA4hH3QBy3+Xjwy25M8Xic9hTMGha/BmHf5
ShCs1r+hvYrbVRHA3UH5LKz9JBa0Rhc1sA3DJbw72fatAbuBXUX3ZQE0RXe5TB+v
k603LMZsHbsyqYbCeDafptLHnNAEMmHSjEi4cxijssXpFfqf9xUgQJm/kNTIYd8W
t0i58EcTUlJJWe9HsifuiZPwrKLokeK6oAXgqQg52pSz/kNEqbQtKIm7c/Ij585T
V26ciCHja85691QXVkCwm2/0rQti7JmpAK/UA4DSSVakqumnU3OkKF3fypphIiRr
3rfEPTZ9mpB7zZP4QPDnS3ClugIFEuCrrlNqYdmS9BT3HEaHmp6W+2BI6B1INCRp
kc8H5Hu07YQ2nHw7AU/J4GqTWRsfEES+Ah3RarOsWVTJGU+aKwtoSvw8AWzzGm9a
rHVtqhIq1Y7EIQjpjabpS+Cvt68hYzy9tlqcjVuMfxwg9B9/w6SFOE77kV/4I30o
pVe/QmOxDcK0Y6En1nIYHJGnMLFkmp7d5fWHjpaOLzrMWK9iq1VoKtddDIayuF2E
LMbrdJJA+WJqH7+XkKIPfXy9PjKdAUlYg2Tl0YIXqfZenzXY8bXYATsMzHDRbeMe
ntqyC2Th4+xFhQ7B0jSMptPQ4av7oNrsispPeQ4BMhRjAT/18h7/QCg2PRnCljE8
6C4+3yjUfxOjhl3hJ4723aK9TTnggigr7Sv9vq7xHrDuAXFs9oEmWL+f6qWIrD3E
bQ8MomK+qvUb3g8i2M81HJtydo3ASTR2Cs9CiERddJjFTbbQNkqXDlGR5nqQO/67
30kgeJTovyuYsaqk/TzxODFhOR4K4/c0rPU9ZhjcXg7wni7ELm0dApTzLBVY+esD
SGK87EQch1xoG0zLeFMDZpmKDr6BdvJQ9FsSbICh/UwRO2VmZclxthapPjffWWDM
JH+ZMyroXYGASue9Vz2LKbQLmiuwIKrV6+BgWiY+dkqfKPuyHn/w+6g9huT2Aixd
K9BCBmiYVdojmX308AwMPlsHW+2B8/f/ZSP7rk7SdINSzu+dmcvZf+DOy1OScjE=
=53AZ
-----END PGP SIGNATURE-----




Added tag(s) security. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 29 Mar 2013 05:15:04 GMT) Full text and rfc822 format available.

Marked as found in versions bind9/1:9.7.3.dfsg-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 29 Mar 2013 05:15:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#704174; Package src:bind9. (Fri, 29 Mar 2013 08:21:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Richard van den Berg <richard@vdberg.org>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Fri, 29 Mar 2013 08:21:07 GMT) Full text and rfc822 format available.

Message #24 received at 704174@bugs.debian.org (full text, mbox):

From: Richard van den Berg <richard@vdberg.org>
To: "704174@bugs.debian.org" <704174@bugs.debian.org>
Cc: "debian-security@lists.debian.org" <debian-security@lists.debian.org>
Subject: CVE-2013-2266 fix for bind9 in stable?
Date: Fri, 29 Mar 2013 09:16:53 +0100
[Message part 1 (text/plain, inline)]
Thanks a lot for the quick fix. Will bind9 9.7.3.dfsg-1 in stable also be fixed? I don't see any reports on http://www.debian.org/security/#DSAS and http://lists.debian.org/debian-security-announce/2013/threads.html

Kind regards,

Richard van den Berg
[Message part 2 (text/html, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 02 Jun 2013 08:16:05 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 06:33:14 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.