* [Buildroot] [PATCH] package/bind: security bump to version 9.11.13
@ 2019-11-24 20:59 Peter Korsgaard
2019-11-25 14:15 ` Peter Korsgaard
2019-12-03 12:24 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Peter Korsgaard @ 2019-11-24 20:59 UTC (permalink / raw)
To: buildroot
Fixes the following security vulnerabilities:
- CVE-2019-6477: TCP-pipelined queries can bypass tcp-clients limit
For details, see the release notes:
https://downloads.isc.org/isc/bind9/9.11.13/RELEASE-NOTES-bind-9.11.13.html
(9.11.11..12 were not released)
Upstream moved to a 2019-2020 signing key, so update comment in hash file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/bind/bind.hash | 6 +++---
package/bind/bind.mk | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/bind/bind.hash b/package/bind/bind.hash
index 999c6602a8..53b5ce3a47 100644
--- a/package/bind/bind.hash
+++ b/package/bind/bind.hash
@@ -1,4 +1,4 @@
-# Verified from https://ftp.isc.org/isc/bind9/9.11.10/bind-9.11.10.tar.gz.asc
-# with key 156890685EA0DF6A1371EF2017CC5DB1F0088407
-sha256 b2bb840cda20e6771ae8c054007b4ec12e1bb6aa6bfe79102890eb94956a70c3 bind-9.11.10.tar.gz
+# Verified from https://ftp.isc.org/isc/bind9/9.11.13/bind-9.11.13.tar.gz.asc
+# with key AE3FAC796711EC59FC007AA474BB6B9A4CBB3D38
+sha256 fd3f3cc9fcfcdaa752db35eb24598afa1fdcc2509d3227fc90a8631b7b400f7d bind-9.11.13.tar.gz
sha256 cd02c93b8dcda794f55dfd1231828d69633072a98eee4874f9cf732d22d9dcde COPYRIGHT
diff --git a/package/bind/bind.mk b/package/bind/bind.mk
index 08cad22d42..2d75f58b3f 100644
--- a/package/bind/bind.mk
+++ b/package/bind/bind.mk
@@ -4,7 +4,7 @@
#
################################################################################
-BIND_VERSION = 9.11.10
+BIND_VERSION = 9.11.13
BIND_SITE = https://ftp.isc.org/isc/bind9/$(BIND_VERSION)
# bind does not support parallel builds.
BIND_MAKE = $(MAKE1)
--
2.20.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] package/bind: security bump to version 9.11.13
2019-11-24 20:59 [Buildroot] [PATCH] package/bind: security bump to version 9.11.13 Peter Korsgaard
@ 2019-11-25 14:15 ` Peter Korsgaard
2019-12-03 12:24 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2019-11-25 14:15 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes the following security vulnerabilities:
> - CVE-2019-6477: TCP-pipelined queries can bypass tcp-clients limit
> For details, see the release notes:
> https://downloads.isc.org/isc/bind9/9.11.13/RELEASE-NOTES-bind-9.11.13.html
> (9.11.11..12 were not released)
> Upstream moved to a 2019-2020 signing key, so update comment in hash file.
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] package/bind: security bump to version 9.11.13
2019-11-24 20:59 [Buildroot] [PATCH] package/bind: security bump to version 9.11.13 Peter Korsgaard
2019-11-25 14:15 ` Peter Korsgaard
@ 2019-12-03 12:24 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2019-12-03 12:24 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes the following security vulnerabilities:
> - CVE-2019-6477: TCP-pipelined queries can bypass tcp-clients limit
> For details, see the release notes:
> https://downloads.isc.org/isc/bind9/9.11.13/RELEASE-NOTES-bind-9.11.13.html
> (9.11.11..12 were not released)
> Upstream moved to a 2019-2020 signing key, so update comment in hash file.
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2019.02.x and 2019.08.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-12-03 12:24 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-24 20:59 [Buildroot] [PATCH] package/bind: security bump to version 9.11.13 Peter Korsgaard
2019-11-25 14:15 ` Peter Korsgaard
2019-12-03 12:24 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.