211854 – dns/powerdns*: backport CVE-2016-6172 fix to 3.x series

Bug 211854 - dns/powerdns*: backport CVE-2016-6172 fix to 3.x series

Summary: dns/powerdns*: backport CVE-2016-6172 fix to 3.x series

Status:	Closed Overcome By Events

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Ports Security Team

URL:
Keywords:	needs-patch, needs-qa, security

Depends on:
Blocks:

Reported:	2016-08-15 01:44 UTC by Jason Unovitch
Modified:	2016-11-27 03:32 UTC (History)
CC List:	1 user (show)

See Also:

Flags:	junovitch: merge-quarterly?

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jason Unovitch freebsd_committer

2016-08-15 01:44:16 UTC

As noted in bug 211147, there is an issue with specially crafted queries in PowerDNS that impact the older release.  We've just updated to the 4.x series but given the scope of that change open this to start tracking a backport of the pertinent fix to the older 3.x in quarterly.

Comment 1 Jason Unovitch freebsd_committer

2016-08-15 01:45:38 UTC

Add PowerDNS maintainer. Can you test the upstream change for this and give a thumbs up if QA checks out? It looks like https://github.com/PowerDNS/pdns/pull/4134/commits/a014f4c224a7b21f1c648257d1fd1128413129aa is the pertinent pull request.

Comment 2 Jason Unovitch freebsd_committer

2016-11-27 03:32:37 UTC

Sorry, this is overcome by events with the 4.x series on 2016Q4.