Maniphest T2482

Update PowerDNS recursor to 4.3.1 for CVE-2020-10995
Closed, ResolvedPublicENHANCEMENT
Actions

Assigned To

Authored By

	dmbaturin
	May 19 2020, 9:32 PM

Tags

Referenced Files

None

Subscribers

Active contributors

Description

CVE-2020-10995 is a low risk, remote DoS vulnerability that can be triggered via a specially crafted reply. It's fixed in 4.3.1

https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html

Details

Difficulty level: Unknown (require assessment)
Version: -
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Unspecified (please specify)

Event Timeline

dmbaturin triaged this task as High priority.May 19 2020, 9:32 PM

dmbaturin created this task.

pasik added a subscriber: pasik.May 20 2020, 8:47 AM

tjh added a subscriber: tjh.May 20 2020, 6:56 PM

syncer changed the subtype of this task from "Task" to "Enhancement".Jun 7 2020, 12:04 PM

It's updated in current, still needs an update in crux.

c-po moved this task from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.6) board.Jun 26 2020, 4:03 PM

syncer reopened this task as Open.Sep 23 2020, 10:43 PM

syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.7); removed VyOS 1.2 Crux (VyOS 1.2.6).

syncer added a project: VyOS 1.3 Equuleus.

syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.

dmbaturin closed this task as Resolved.Sep 26 2020, 10:57 AM

dmbaturin edited projects, added Restricted Project; removed VyOS 1.2 Crux (VyOS 1.2.7).Sep 27 2020, 9:53 AM

dmbaturin removed a project: VyOS 1.3 Equuleus.Sep 10 2021, 2:38 PM

dmbaturin set Issue type to Unspecified (please specify).