Date: Mon, 16 Feb 2026 17:29:43 +0000 From: Ryan Steinmetz <zi@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 8421859a6c46 - main - security/vuxml: Document vulnerability in dns/powerdns-recursor Message-ID: <69935407.325fb.3e675c6f@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by zi: URL: https://cgit.FreeBSD.org/ports/commit/?id=8421859a6c46de0af1ae1b11155e3f5042cbefca commit 8421859a6c46de0af1ae1b11155e3f5042cbefca Author: Ryan Steinmetz <zi@FreeBSD.org> AuthorDate: 2026-02-16 17:29:38 +0000 Commit: Ryan Steinmetz <zi@FreeBSD.org> CommitDate: 2026-02-16 17:29:38 +0000 security/vuxml: Document vulnerability in dns/powerdns-recursor --- security/vuxml/vuln/2026.xml | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml index 6d62246e0d0d..081b42a37693 100644 --- a/security/vuxml/vuln/2026.xml +++ b/security/vuxml/vuln/2026.xml @@ -1,3 +1,40 @@ + <vuln vid="67793feb-0b5b-11f1-a1c0-0050569f0b83"> + <topic>powerdns-recursor -- Denial of Service</topic> + <affects> + <package> + <name>powerdns-recursor</name> + <range><lt>5.3.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>PowerDNS Team reports:</p> + <blockquote cite="https://blog.powerdns.com/2025/12/08/powerdns-security-advisories-2025-07-and-2025-08">; + <p>2025-07: Internal logic flaw in cache management can lead to + a denial of service in Recursor</p> + <p>2025-08: Insufficient validation of incoming notifies over + TCP can lead to a denial of service in Recursor</p> + <p>2026-01: Crafted zones can lead to increased resource usage in Recursor</p> + <p>2026-01: This problem can be triggered by publishing and querying a crafted + zone that causes large memory usage.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-59029</cvename> + <cvename>CVE-2025-59030</cvename> + <cvename>CVE-2026-24027</cvename> + <cvename>CVE-2026-0398</cvename> + <url>https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-07.html</url>; + <url>https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-08.html</url>; + <url>https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-01.html</url>; + </references> + <dates> + <discovery>2025-12-08</discovery> + <entry>2026-02-16</entry> + </dates> + </vuln> + <vuln vid="f9cb72e4-0b52-11f1-8e75-b42e991fc52e"> <topic>png -- CWE-122: Heap-based Buffer Overflow</topic> <affects>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69935407.325fb.3e675c6f>