Date: Mon, 29 Jun 2026 10:07:58 +0000 From: Yusuf Yaman <nxjoseph@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: c15f12fd1038 - main - security/vuxml: Document dns/dnsdist vulnerabilities Message-ID: <6a4243fe.34ae3.5764a87e@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by nxjoseph: URL: https://cgit.FreeBSD.org/ports/commit/?id=c15f12fd10382b4aca3efb7ed0ff0dc5d41b0b8b commit c15f12fd10382b4aca3efb7ed0ff0dc5d41b0b8b Author: Yusuf Yaman <nxjoseph@FreeBSD.org> AuthorDate: 2026-06-29 10:06:53 +0000 Commit: Yusuf Yaman <nxjoseph@FreeBSD.org> CommitDate: 2026-06-29 10:07:44 +0000 security/vuxml: Document dns/dnsdist vulnerabilities PR: 296314 Approved by: osa, vvd (Mentors, implicit) --- security/vuxml/vuln/2026.xml | 49 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml index 6406b55cc1c4..ea99351da778 100644 --- a/security/vuxml/vuln/2026.xml +++ b/security/vuxml/vuln/2026.xml @@ -1,3 +1,52 @@ + <vuln vid="6c0e17cf-73a0-11f1-910d-3c7c3fba4204"> + <topic>DNSdist -- vulnerabilities</topic> + <affects> + <package> + <name>dnsdist</name> + <range><lt>2.0.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The DNSdist team reports:</p> + <blockquote cite="https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html"> + <ul> + <li>CVE-2026-40011: Prometheus denial of service via crafted DNS queries</li> + <li>CVE-2026-42004: EDNS options smuggling</li> + <li>CVE-2026-42005: Insufficient input validation of internal web server</li> + <li>CVE-2026-40208: Denial of service via DoH3 queries</li> + <li>CVE-2026-40209: Denial of service via IXFR queries</li> + <li>CVE-2026-40210: Out-of-bounds read in SetMacAddrAction</li> + <li>CVE-2026-40211: Denial of service via crafted DoH3 queries</li> + </ul> + <p>Thanks to people below for reporting these vulnerabilities.</p> + <ul> + <li>Haruki Oyama (Waseda University)</li> + <li>Vitaly Simonovich</li> + <li>ilya rozentsvaig</li> + <li>ylwango613</li> + <li>Qifan Zhang (Palo Alto Networks)</li> + <li>Mehtab Zafar</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-40011</cvename> + <cvename>CVE-2026-42004</cvename> + <cvename>CVE-2026-42005</cvename> + <cvename>CVE-2026-40208</cvename> + <cvename>CVE-2026-40209</cvename> + <cvename>CVE-2026-40210</cvename> + <cvename>CVE-2026-40211</cvename> + <url>https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html</url> + </references> + <dates> + <discovery>2026-06-25</discovery> + <entry>2026-06-29</entry> + </dates> + </vuln> + <vuln vid="4e82a0e6-6801-42c6-8fb6-91b6b275a9e1"> <topic>gstreamer1 -- multiple vulnerabilities</topic> <affects>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a4243fe.34ae3.5764a87e>
