Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 29 Jun 2026 10:07:58 +0000
From:      Yusuf Yaman <nxjoseph@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: c15f12fd1038 - main - security/vuxml: Document dns/dnsdist vulnerabilities
Message-ID:  <6a4243fe.34ae3.5764a87e@gitrepo.freebsd.org>

index | next in thread | raw e-mail

The branch main has been updated by nxjoseph:

URL: https://cgit.FreeBSD.org/ports/commit/?id=c15f12fd10382b4aca3efb7ed0ff0dc5d41b0b8b

commit c15f12fd10382b4aca3efb7ed0ff0dc5d41b0b8b
Author:     Yusuf Yaman <nxjoseph@FreeBSD.org>
AuthorDate: 2026-06-29 10:06:53 +0000
Commit:     Yusuf Yaman <nxjoseph@FreeBSD.org>
CommitDate: 2026-06-29 10:07:44 +0000

    security/vuxml: Document dns/dnsdist vulnerabilities
    
    PR:             296314
    Approved by:    osa, vvd (Mentors, implicit)
---
 security/vuxml/vuln/2026.xml | 49 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml
index 6406b55cc1c4..ea99351da778 100644
--- a/security/vuxml/vuln/2026.xml
+++ b/security/vuxml/vuln/2026.xml
@@ -1,3 +1,52 @@
+  <vuln vid="6c0e17cf-73a0-11f1-910d-3c7c3fba4204">
+    <topic>DNSdist -- vulnerabilities</topic>
+    <affects>
+    <package>
+	<name>dnsdist</name>
+	<range><lt>2.0.7</lt></range>
+    </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>The DNSdist team reports:</p>
+	<blockquote cite="https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html">;
+	<ul>
+	  <li>CVE-2026-40011: Prometheus denial of service via crafted DNS queries</li>
+	  <li>CVE-2026-42004: EDNS options smuggling</li>
+	  <li>CVE-2026-42005: Insufficient input validation of internal web server</li>
+	  <li>CVE-2026-40208: Denial of service via DoH3 queries</li>
+	  <li>CVE-2026-40209: Denial of service via IXFR queries</li>
+	  <li>CVE-2026-40210: Out-of-bounds read in SetMacAddrAction</li>
+	  <li>CVE-2026-40211: Denial of service via crafted DoH3 queries</li>
+	</ul>
+	<p>Thanks to people below for reporting these vulnerabilities.</p>
+	<ul>
+	  <li>Haruki Oyama (Waseda University)</li>
+	  <li>Vitaly Simonovich</li>
+	  <li>ilya rozentsvaig</li>
+	  <li>ylwango613</li>
+	  <li>Qifan Zhang (Palo Alto Networks)</li>
+	  <li>Mehtab Zafar</li>
+	</ul>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2026-40011</cvename>
+      <cvename>CVE-2026-42004</cvename>
+      <cvename>CVE-2026-42005</cvename>
+      <cvename>CVE-2026-40208</cvename>
+      <cvename>CVE-2026-40209</cvename>
+      <cvename>CVE-2026-40210</cvename>
+      <cvename>CVE-2026-40211</cvename>
+      <url>https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html</url>;
+    </references>
+    <dates>
+      <discovery>2026-06-25</discovery>
+      <entry>2026-06-29</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="4e82a0e6-6801-42c6-8fb6-91b6b275a9e1">
     <topic>gstreamer1 -- multiple vulnerabilities</topic>
     <affects>


home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a4243fe.34ae3.5764a87e>