Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 16 Jan 2017 10:22:27 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 216136] dns/powerdns: Upgrade to recent version (v4.0.2) - current(4.0.1) has critical vulnerabilities
Message-ID:  <bug-216136-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D216136

            Bug ID: 216136
           Summary: dns/powerdns: Upgrade to recent version (v4.0.2) -
                    current(4.0.1) has critical vulnerabilities
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs@FreeBSD.org
          Reporter: i.dani@outlook.com
                CC: tremere@cainites.net
                CC: tremere@cainites.net
             Flags: maintainer-feedback?(tremere@cainites.net)

The current version avilable for FreeBSD is vulnerable since 13.01.2017 and=
 has
already been patched upstream.

See here:
https://blog.powerdns.com/2017/01/13/powerdns-authoritative-server-4-0-2-re=
leased/

Available version: 4.0.1_3
Patched version: 4.0.2

Important Changes

Security:
- Don=E2=80=99t parse spurious RRs in queries when we don=E2=80=99t need th=
em (Security
Advisory 2016-02)
- Don=E2=80=99t exit if the webserver can=E2=80=99t accept a connection (Se=
curity Advisory
2016-03)
- Check TSIG signature on IXFR (Security Advisory 2016-04)
- Correctly check unknown record content size (Security Advisory 2016-05)

Fixes:
- ODBC backend: actually prepare statements
- Improve root-zone performance
- Plug memory leak in postgresql backend (Christian Hofstaedtler)
calidns: Don=E2=80=99t crash if we don=E2=80=99t have enough =E2=80=98unkno=
wn=E2=80=99 queries remaining
- Improve PacketCache cleaning (Kees Monshouwer)
- Bind backend: update status message on reload, keep the existing zone on
failure
- Fix TSIG for single thread distributor (Kees Monshouwer)
- Change default for any-to-tcp to yes (Kees Monshouwer)
- Don=E2=80=99t look up the packet cache for TSIG-enabled queries
- Fix build with OpenSSL 1.1.0 final (Christian Hofstaedtler)
- pdnsutil: create-slave-zone accept multiple masters (Hannu Ylitalo)

-> Full Changelog:
https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-402

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-216136-13>