Bug 269116 - dns/powerdns-recursor: update to 4.8.1 (fixes CVE-2023-22617)
Summary: dns/powerdns-recursor: update to 4.8.1 (fixes CVE-2023-22617)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Fernando Apesteguía
URL: https://docs.powerdns.com/recursor/ch...
Keywords: security
Depends on:
Blocks:
 
Reported: 2023-01-23 14:26 UTC by Ralf van der Enden
Modified: 2023-01-24 06:51 UTC (History)
2 users (show)

See Also:
fernape: merge-quarterly+

Attachments
Update to PowerDNS Recursor 4.8.1 (931 bytes, patch)
2023-01-23 14:26 UTC, Ralf van der Enden 		tremere: maintainer-approval+
Details | Diff
Add entry to VuXML for PowerDNS Recursor (1.22 KB, patch)
2023-01-23 14:27 UTC, Ralf van der Enden 		tremere: maintainer-approval?
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ralf van der Enden 2023-01-23 14:26:49 UTC 
Created attachment 239658 [details]
Update to PowerDNS Recursor 4.8.1

This release fixes CVE-2023-22617 (see URL) and only that.

Q&A:
poudriere: testport ok (13.1-RELEASE;amd64;)
Makefile portclippy/portmft processed
Comment 1 Ralf van der Enden 2023-01-23 14:27:35 UTC 
Created attachment 239659 [details]
Add entry to VuXML for PowerDNS Recursor
Comment 2 Fernando Apesteguía freebsd_committer freebsd_triage 2023-01-23 17:17:53 UTC 
Thank you very much for the VuXML entry!
Comment 3 commit-hook freebsd_committer freebsd_triage 2023-01-24 06:49:12 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=2c4784a7609ff0ef908af4e533c178ca3fa026d1

commit 2c4784a7609ff0ef908af4e533c178ca3fa026d1
Author:     Ralf van der Enden <tremere@cainites.net>
AuthorDate: 2023-01-23 17:07:40 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-01-24 06:43:57 +0000

    dns/powerdns-recursor: update to 4.8.1 (fixes CVE-2023-22617)

    ChangeLog: https://docs.powerdns.com/recursor/changelog/4.8.html#change-4.8.1

    Avoid unbounded recursion when retrieving DS records from some misconfigured
    domains.

    PR:             269116
    Reported by:    tremere@cainites.net (maintainer)
    MFH:            2023Q1 (security fix)
    Security:       CVE-2023-22617

 dns/powerdns-recursor/Makefile | 3 +--
 dns/powerdns-recursor/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 5 deletions(-)
Comment 4 commit-hook freebsd_committer freebsd_triage 2023-01-24 06:50:13 UTC 
A commit in branch 2023Q1 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=08389f09e4b24c0ee05de9eabffa3eb9e45e392e

commit 08389f09e4b24c0ee05de9eabffa3eb9e45e392e
Author:     Ralf van der Enden <tremere@cainites.net>
AuthorDate: 2023-01-23 17:07:40 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-01-24 06:45:55 +0000

    dns/powerdns-recursor: update to 4.8.1 (fixes CVE-2023-22617)

    ChangeLog: https://docs.powerdns.com/recursor/changelog/4.8.html#change-4.8.1

    Avoid unbounded recursion when retrieving DS records from some misconfigured
    domains.

    PR:             269116
    Reported by:    tremere@cainites.net (maintainer)
    MFH:            2023Q1 (security fix)
    Security:       CVE-2023-22617

    (cherry picked from commit 2c4784a7609ff0ef908af4e533c178ca3fa026d1)

 dns/powerdns-recursor/Makefile | 2 +-
 dns/powerdns-recursor/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
Comment 5 commit-hook freebsd_committer freebsd_triage 2023-01-24 06:51:14 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6ce46aad1724ae98a6aad1a9789389893eab4252

commit 6ce46aad1724ae98a6aad1a9789389893eab4252
Author:     Ralf van der Enden <tremere@cainites.net>
AuthorDate: 2023-01-23 17:12:27 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-01-24 06:46:41 +0000

    security/vuxml: register dns/powerdns-recursor vulnerability

    CVE-2023-22617

    PR:     269116

 security/vuxml/vuln/2023.xml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
Comment 6 Fernando Apesteguía freebsd_committer freebsd_triage 2023-01-24 06:51:32 UTC 
Committed and merged to 2023Q1,

Thanks!