Bug 615420 (CVE-2017-3136, CVE-2017-3137, CVE-2017-3138)

Summary:	<net-dns/bind{-bind-tools}-{9.10.5,9.11.0_p5}: multiple vulnerabilities
Product:	Gentoo Security	Reporter:	Agostino Sarubbo <ago>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	arthur, blueness, hlein, hydrapolic, idl0r
Priority:	Normal	Flags:	stable-bot: sanity-check-
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://www.openwall.com/lists/oss-security/2017/04/13/1
Whiteboard:	B3 [glsa blocked cve]
Package list:	=net-dns/bind-9.10.5 =net-dns/bind-9.11.0_p5 =net-dns/bind-tools-9.10.5 =net-dns/bind-tools-9.11.0_p5	Runtime testing required:	---
Bug Depends on:	597204, 600212, 621730
Bug Blocks:	605454, 608740

Description Agostino Sarubbo gentoo-dev

2017-04-13 07:02:46 UTC

From ${URL} :

Today Internet Systems Consortium disclosed three security
vulnerabilities in BIND which had been previously announced
to the distros@...ts.openwall.org list:

CVE-2017-3136, CVE-2017-3137, and CVE-2017-3138 are now public
and details can be found in our knowledge base:


https://kb.isc.org/category/74/0/10/Software-Products/BIND9/Security-Advisories/

New software releases have been issued containing these security fixes;
they are available from our download page at http://www.isc.org/downloads



@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.

Comment 1 Christian Ruppert (idl0r) gentoo-dev

2017-05-09 07:27:46 UTC

9.10.5 and 9.11.0_p5 have just been added. Would be cool if you could stabilize both versions and including bind-tools.

=net-dns/bind-9.10.5
=net-dns/bind-tools-9.10.5

=net-dns/bind-9.11.0_p5
=net-dns/bind-tools-9.11.0_p5

Comment 2 Yury German Gentoo Infrastructure

2017-05-16 03:53:11 UTC

PPC Arch, since you are in the middle of removing keywords I added the stabilization request but please remove yourself as not sure where you are in the process.

Comment 3 Agostino Sarubbo gentoo-dev

2017-05-16 07:45:04 UTC

amd64 stable

Comment 4 Agostino Sarubbo gentoo-dev

2017-05-16 08:01:20 UTC

x86 stable

Comment 5 Agostino Sarubbo gentoo-dev

2017-05-16 13:06:07 UTC

ppc64 stable

Comment 6 Markus Meier gentoo-dev

2017-05-17 05:07:22 UTC

arm stable

Comment 7 Michael Weber (RETIRED) gentoo-dev

2017-05-17 12:18:00 UTC

ppc stable.

Comment 8 Agostino Sarubbo gentoo-dev

2017-05-22 11:41:00 UTC

sparc stable

Comment 9 Tobias Klausmann (RETIRED) gentoo-dev

2017-05-22 16:10:01 UTC

Stable on alpha.

Comment 10 Thomas Deutschmann (RETIRED) gentoo-dev

2017-06-08 18:16:05 UTC

GLSA Vote: Yes!

New GLSA request filed.

Comment 11 Thomas Deutschmann (RETIRED) gentoo-dev

2017-06-08 22:32:14 UTC

Moving hppa to this one.

Comment 12 Thomas Deutschmann (RETIRED) gentoo-dev

2017-06-09 17:47:24 UTC

@ HPPA AT:

You probably have already noticed but all blocking bugs are now resolved so please proceed with stabilization so that we can send out the pending GLSA. Thanks!

Comment 13 Agostino Sarubbo gentoo-dev

2017-06-10 15:15:31 UTC

ia64 stable

Comment 14 Stabilization helper bot gentoo-dev

2017-06-25 19:00:41 UTC

An automated check of this bug failed - the following atoms are unknown:

net-dns/bind-tools-9.10.5
net-dns/bind-9.10.5

Please verify the atom list.

Comment 15 Stabilization helper bot gentoo-dev

2017-06-26 10:00:29 UTC

An automated check of this bug failed - the following atoms are unknown:

net-dns/bind-9.10.5
net-dns/bind-tools-9.10.5

Please verify the atom list.

Comment 16 Yury German Gentoo Infrastructure

2017-06-27 02:45:00 UTC

Ping on the Bug, holding up GLSA release.

Comment 17 Thomas Deutschmann (RETIRED) gentoo-dev

2017-06-28 11:18:32 UTC

Superseded by bug 621730. Moving stabilization.

Comment 18 GLSAMaker/CVETool Bot gentoo-dev

2017-08-17 03:03:22 UTC

This issue was resolved and addressed in
 GLSA 201708-01 at https://security.gentoo.org/glsa/201708-01
by GLSA coordinator Yury German (BlueKnight).