From $URL: CVE-2019-3806 An issue has been found in PowerDNS Recursor where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua. CVE-2019-3807 An issue has been found in PowerDNS Recursor where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.
The new version fails to build with USE=-protobuf, I'm waiting for upstream.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6fad89dca5912b9f36ea41977987b8e8ef6cc53f commit 6fad89dca5912b9f36ea41977987b8e8ef6cc53f Author: Sven Wegener <swegener@gentoo.org> AuthorDate: 2019-01-21 15:21:45 +0000 Commit: Sven Wegener <swegener@gentoo.org> CommitDate: 2019-01-21 15:22:20 +0000 net-dns/pdns-recursor: Version bump, security bug #675968 Bug: https://bugs.gentoo.org/675968 Signed-off-by: Sven Wegener <swegener@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 net-dns/pdns-recursor/Manifest | 1 + .../files/pdns-recursor-4.1.9-protobuf-fix.patch | 32 +++++++++ net-dns/pdns-recursor/pdns-recursor-4.1.9.ebuild | 82 ++++++++++++++++++++++ 3 files changed, 115 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=21976f093bc676d0b073c93e426c080d78e05f63 commit 21976f093bc676d0b073c93e426c080d78e05f63 Author: Sven Wegener <swegener@gentoo.org> AuthorDate: 2019-01-23 07:54:03 +0000 Commit: Sven Wegener <swegener@gentoo.org> CommitDate: 2019-01-23 07:54:03 +0000 net-dns/pdns-recursor: Stable on amd64/x86, bug #675968 Bug: https://bugs.gentoo.org/675968 Signed-off-by: Sven Wegener <swegener@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 net-dns/pdns-recursor/pdns-recursor-4.1.9.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
