Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 615420 (CVE-2017-3136, CVE-2017-3137, CVE-2017-3138)

Summary: <net-dns/bind{-bind-tools}-{9.10.5,9.11.0_p5}: multiple vulnerabilities
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: blueness, gentoo, hlein, hydrapolic, idl0r
Priority: Normal Flags: stable-bot: sanity-check-
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.openwall.com/lists/oss-security/2017/04/13/1
Whiteboard: B3 [glsa blocked cve]
Package list:
=net-dns/bind-9.10.5 =net-dns/bind-9.11.0_p5 =net-dns/bind-tools-9.10.5 =net-dns/bind-tools-9.11.0_p5
Runtime testing required: ---
Bug Depends on: 597204, 600212, 621730    
Bug Blocks: 605454, 608740    

Description Agostino Sarubbo gentoo-dev 2017-04-13 07:02:46 UTC
From ${URL} :

Today Internet Systems Consortium disclosed three security
vulnerabilities in BIND which had been previously announced
to the distros@...ts.openwall.org list:

CVE-2017-3136, CVE-2017-3137, and CVE-2017-3138 are now public
and details can be found in our knowledge base:


https://kb.isc.org/category/74/0/10/Software-Products/BIND9/Security-Advisories/

New software releases have been issued containing these security fixes;
they are available from our download page at http://www.isc.org/downloads



@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Christian Ruppert (idl0r) gentoo-dev 2017-05-09 07:27:46 UTC
9.10.5 and 9.11.0_p5 have just been added. Would be cool if you could stabilize both versions and including bind-tools.

=net-dns/bind-9.10.5
=net-dns/bind-tools-9.10.5

=net-dns/bind-9.11.0_p5
=net-dns/bind-tools-9.11.0_p5
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2017-05-16 03:53:11 UTC
PPC Arch, since you are in the middle of removing keywords I added the stabilization request but please remove yourself as not sure where you are in the process.
Comment 3 Agostino Sarubbo gentoo-dev 2017-05-16 07:45:04 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2017-05-16 08:01:20 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2017-05-16 13:06:07 UTC
ppc64 stable
Comment 6 Markus Meier gentoo-dev 2017-05-17 05:07:22 UTC
arm stable
Comment 7 Michael Weber (RETIRED) gentoo-dev 2017-05-17 12:18:00 UTC
ppc stable.
Comment 8 Agostino Sarubbo gentoo-dev 2017-05-22 11:41:00 UTC
sparc stable
Comment 9 Tobias Klausmann (RETIRED) gentoo-dev 2017-05-22 16:10:01 UTC
Stable on alpha.
Comment 10 Thomas Deutschmann gentoo-dev 2017-06-08 18:16:05 UTC
GLSA Vote: Yes!

New GLSA request filed.
Comment 11 Thomas Deutschmann gentoo-dev 2017-06-08 22:32:14 UTC
Moving hppa to this one.
Comment 12 Thomas Deutschmann gentoo-dev 2017-06-09 17:47:24 UTC
@ HPPA AT:

You probably have already noticed but all blocking bugs are now resolved so please proceed with stabilization so that we can send out the pending GLSA. Thanks!
Comment 13 Agostino Sarubbo gentoo-dev 2017-06-10 15:15:31 UTC
ia64 stable
Comment 14 Stabilization helper bot gentoo-dev 2017-06-25 19:00:41 UTC
An automated check of this bug failed - the following atoms are unknown:

net-dns/bind-tools-9.10.5
net-dns/bind-9.10.5

Please verify the atom list.
Comment 15 Stabilization helper bot gentoo-dev 2017-06-26 10:00:29 UTC
An automated check of this bug failed - the following atoms are unknown:

net-dns/bind-9.10.5
net-dns/bind-tools-9.10.5

Please verify the atom list.
Comment 16 Yury German Gentoo Infrastructure gentoo-dev 2017-06-27 02:45:00 UTC
Ping on the Bug, holding up GLSA release.
Comment 17 Thomas Deutschmann gentoo-dev 2017-06-28 11:18:32 UTC
Superseded by bug 621730. Moving stabilization.
Comment 18 GLSAMaker/CVETool Bot gentoo-dev 2017-08-17 03:03:22 UTC
This issue was resolved and addressed in
 GLSA 201708-01 at https://security.gentoo.org/glsa/201708-01
by GLSA coordinator Yury German (BlueKnight).