Date: Mon, 16 Jan 2017 10:18:44 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 216135] dns/powerdns-recursor: Upgrade to recent version (v4.0.4) - current(4.0.3) is vulnerable Message-ID: <bug-216135-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D216135 Bug ID: 216135 Summary: dns/powerdns-recursor: Upgrade to recent version (v4.0.4) - current(4.0.3) is vulnerable Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: freebsd-ports-bugs@FreeBSD.org Reporter: i.dani@outlook.com CC: tremere@cainites.net Flags: maintainer-feedback?(tremere@cainites.net) CC: tremere@cainites.net The current version avilable for FreeBSD is vulnerable since 13.01.2017 and= has already been patched upstream. See here: https://blog.powerdns.com/2017/01/13/powerdns-recursor-4-0-4-released/ Available version: 4.0.3_3 Patched version: 4.0.4=20 Changelog Security: Check TSIG signature on IXFR (Security Advisory 2016-04) Don=E2=80=99t parse spurious RRs in queries when we don=E2=80=99t need = them (Security Advisory 2016-02) Fixes: Add `max-recursion-depth` to limit the number of internal recursion Wait until after daemonizing to start the RPZ and protobuf threads On RPZ customPolicy, follow the resulting CNAME Make the negcache forwarded zones aware Cache records for zones that were delegated to from a forwarded zone DNSSEC: don=E2=80=99t go bogus on zero configured DSs DNSSEC: NSEC3 optout and Bogus insecure forward fixes DNSSEC: Handle CNAMEs at the apex of secure zones to other secure zones --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-216135-13>