Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 615420 (CVE-2017-3136, CVE-2017-3137, CVE-2017-3138) - <net-dns/bind{-bind-tools}-{9.10.5,9.11.0_p5}: multiple vulnerabilities
Summary: <net-dns/bind{-bind-tools}-{9.10.5,9.11.0_p5}: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2017-3136, CVE-2017-3137, CVE-2017-3138
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B3 [glsa blocked cve]
Keywords:
Depends on: 597204 600212 CVE-2017-3140, CVE-2017-3141
Blocks: CVE-2016-9131, CVE-2016-9147, CVE-2016-9444, CVE-2016-9778 CVE-2017-3135
  Show dependency tree
 
Reported: 2017-04-13 07:02 UTC by Agostino Sarubbo
Modified: 2017-08-17 03:06 UTC (History)
5 users (show)

See Also:
Package list:
=net-dns/bind-9.10.5 =net-dns/bind-9.11.0_p5 =net-dns/bind-tools-9.10.5 =net-dns/bind-tools-9.11.0_p5
Runtime testing required: ---
stable-bot: sanity-check-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2017-04-13 07:02:46 UTC
From ${URL} :

Today Internet Systems Consortium disclosed three security
vulnerabilities in BIND which had been previously announced
to the distros@...ts.openwall.org list:

CVE-2017-3136, CVE-2017-3137, and CVE-2017-3138 are now public
and details can be found in our knowledge base:


https://kb.isc.org/category/74/0/10/Software-Products/BIND9/Security-Advisories/

New software releases have been issued containing these security fixes;
they are available from our download page at http://www.isc.org/downloads



@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Christian Ruppert (idl0r) archtester Gentoo Infrastructure gentoo-dev Security 2017-05-09 07:27:46 UTC
9.10.5 and 9.11.0_p5 have just been added. Would be cool if you could stabilize both versions and including bind-tools.

=net-dns/bind-9.10.5
=net-dns/bind-tools-9.10.5

=net-dns/bind-9.11.0_p5
=net-dns/bind-tools-9.11.0_p5
Comment 2 Yury German Gentoo Infrastructure gentoo-dev Security 2017-05-16 03:53:11 UTC
PPC Arch, since you are in the middle of removing keywords I added the stabilization request but please remove yourself as not sure where you are in the process.
Comment 3 Agostino Sarubbo gentoo-dev 2017-05-16 07:45:04 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2017-05-16 08:01:20 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2017-05-16 13:06:07 UTC
ppc64 stable
Comment 6 Markus Meier gentoo-dev 2017-05-17 05:07:22 UTC
arm stable
Comment 7 Michael Weber (RETIRED) gentoo-dev 2017-05-17 12:18:00 UTC
ppc stable.
Comment 8 Agostino Sarubbo gentoo-dev 2017-05-22 11:41:00 UTC
sparc stable
Comment 9 Tobias Klausmann gentoo-dev 2017-05-22 16:10:01 UTC
Stable on alpha.
Comment 10 Thomas Deutschmann gentoo-dev Security 2017-06-08 18:16:05 UTC
GLSA Vote: Yes!

New GLSA request filed.
Comment 11 Thomas Deutschmann gentoo-dev Security 2017-06-08 22:32:14 UTC
Moving hppa to this one.
Comment 12 Thomas Deutschmann gentoo-dev Security 2017-06-09 17:47:24 UTC
@ HPPA AT:

You probably have already noticed but all blocking bugs are now resolved so please proceed with stabilization so that we can send out the pending GLSA. Thanks!
Comment 13 Agostino Sarubbo gentoo-dev 2017-06-10 15:15:31 UTC
ia64 stable
Comment 14 Stabilization helper bot gentoo-dev 2017-06-25 19:00:41 UTC
An automated check of this bug failed - the following atoms are unknown:

net-dns/bind-tools-9.10.5
net-dns/bind-9.10.5

Please verify the atom list.
Comment 15 Stabilization helper bot gentoo-dev 2017-06-26 10:00:29 UTC
An automated check of this bug failed - the following atoms are unknown:

net-dns/bind-9.10.5
net-dns/bind-tools-9.10.5

Please verify the atom list.
Comment 16 Yury German Gentoo Infrastructure gentoo-dev Security 2017-06-27 02:45:00 UTC
Ping on the Bug, holding up GLSA release.
Comment 17 Thomas Deutschmann gentoo-dev Security 2017-06-28 11:18:32 UTC
Superseded by bug 621730. Moving stabilization.
Comment 18 GLSAMaker/CVETool Bot gentoo-dev 2017-08-17 03:03:22 UTC
This issue was resolved and addressed in
 GLSA 201708-01 at https://security.gentoo.org/glsa/201708-01
by GLSA coordinator Yury German (BlueKnight).