projects / pdns-recursor.git / log
? search:
summary | shortlog | log | commit | commitdiff | tree
first ⋅ prev ⋅ next
pdns-recursor.git
21 months agoBackport of acl check to 4.1.x
commit | commitdiff | tree
Otto Moerbeek [Tue, 30 Jun 2020 11:46:54 +0000 (13:46 +0200)]
Backport of acl check to 4.1.x

An issue has been found in PowerDNS Recursor where the ACL applied to the
internal web server via `webserver-allow-from` is not properly enforced,
allowing a remote attacker to send HTTP queries to the internal web server,
bypassing the restriction.

Note that the web server is not enabled by default. Only installations using a
non-default value for `webserver` and `webserver-address` are affected.

Workarounds are: disable the webserver or set a password or an API key.
Additionally, restrict the binding address using the `webserver-address`
setting to local addresses only and/or use a firewall to disallow web requests
from untrusted sources reaching the webserver listening address.

Bug: https://www.openwall.com/lists/oss-security/2020/07/01/1
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964103
Origin: https://github.com/PowerDNS/pdns/commit/e81271189216dbf2850c6d4461dfc3f37c731ac8.patch
Reviewed-by: Daniel Leidert <dleidert@debian.org>
Gbp-Pq: Name CVE-2020-14196.patch

21 months agons-ampl-4.1.15
commit | commitdiff | tree
pdns-recursor packagers [Mon, 18 Mar 2024 22:34:27 +0000 (23:34 +0100)]
ns-ampl-4.1.15

===================================================================

Gbp-Pq: Name ns-ampl-4.1.15.diff

21 months agohostname-4.1.15
commit | commitdiff | tree
pdns-recursor packagers [Mon, 18 Mar 2024 22:34:27 +0000 (23:34 +0100)]
hostname-4.1.15

===================================================================

Gbp-Pq: Name hostname-4.1.15.diff

21 months agobogus-empty-nxd-4.1.15
commit | commitdiff | tree
pdns-recursor packagers [Mon, 18 Mar 2024 22:34:27 +0000 (23:34 +0100)]
bogus-empty-nxd-4.1.15

===================================================================

Gbp-Pq: Name bogus-empty-nxd-4.1.15.diff

21 months agostack-size
commit | commitdiff | tree
pdns-recursor packagers [Mon, 18 Mar 2024 22:34:27 +0000 (23:34 +0100)]
stack-size

Gbp-Pq: Name stack-size

21 months agotestrunner-log-verbosity
commit | commitdiff | tree
pdns-recursor packagers [Mon, 18 Mar 2024 22:34:27 +0000 (23:34 +0100)]
testrunner-log-verbosity

===================================================================

Gbp-Pq: Name testrunner-log-verbosity

21 months agopdns-recursor (4.1.11-1+deb10u2) buster; urgency=medium
commit | commitdiff | tree
Daniel Leidert [Mon, 18 Mar 2024 22:34:27 +0000 (23:34 +0100)]
pdns-recursor (4.1.11-1+deb10u2) buster; urgency=medium

  * Non-maintainer upload by the Debian LTS Team.
  * debian/patches/CVE-2020-14196.patch: Added (CVE-2020-14196).
    - Add patch to enforce 'webserver-allow-from' ACL (closes: #964103).
  * debian/patches/CVE-2020-25829.patch: Added (CVE-2020-25829).
    - Add patch to fix DoS (closes: #972159).

[dgit import unpatched pdns-recursor 4.1.11-1+deb10u2]

21 months agoImport pdns-recursor_4.1.11-1+deb10u2.debian.tar.xz
commit | commitdiff | tree
Daniel Leidert [Mon, 18 Mar 2024 22:34:27 +0000 (23:34 +0100)]
Import pdns-recursor_4.1.11-1+deb10u2.debian.tar.xz

[dgit import tarball pdns-recursor 4.1.11-1+deb10u2 pdns-recursor_4.1.11-1+deb10u2.debian.tar.xz]

6 years agoImport pdns-recursor_4.1.11.orig.tar.bz2
commit | commitdiff | tree
Chris Hofstaedtler [Sun, 3 Feb 2019 15:02:43 +0000 (15:02 +0000)]
Import pdns-recursor_4.1.11.orig.tar.bz2

[dgit import orig pdns-recursor_4.1.11.orig.tar.bz2]

Unnamed repository; edit this file 'description' to name the repository.