From: Erik Winkels Date: Mon, 22 Jan 2018 13:13:31 +0000 (+0100) Subject: Add fixes suggested by @habbie. X-Git-Tag: dnsdist-1.3.0~142^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7ff1605424b5f69994a66752e0ee08c9d8cb96b6;p=pdns Add fixes suggested by @habbie. --- diff --git a/pdns/recursordist/docs/changelog/4.1.rst b/pdns/recursordist/docs/changelog/4.1.rst index 2b3d9d100..1e06f02fc 100644 --- a/pdns/recursordist/docs/changelog/4.1.rst +++ b/pdns/recursordist/docs/changelog/4.1.rst @@ -11,7 +11,7 @@ Changelogs for 4.1.x The full release notes can be read `on the blog `_. - This is a release on the stable branch and contains a fix for the + This is a release on the stable branch, containing a fix for the abovementioned security issue and several bug fixes from the development branch. diff --git a/pdns/recursordist/docs/security-advisories/powerdns-advisory-2018-01.rst b/pdns/recursordist/docs/security-advisories/powerdns-advisory-2018-01.rst index d7de6b4b6..838ca3f70 100644 --- a/pdns/recursordist/docs/security-advisories/powerdns-advisory-2018-01.rst +++ b/pdns/recursordist/docs/security-advisories/powerdns-advisory-2018-01.rst @@ -17,7 +17,7 @@ An issue has been found in the DNSSEC validation component of PowerDNS Recursor, allowing an ancestor delegation NSEC or NSEC3 record to be used to wrongfully prove the non-existence of a RR below the owner name of that record. This would allow an attacker in position of man-in-the-middle to send a NXDOMAIN answer -for a name that does exist. This issue has been assigned TBD. +for a name that does exist. This issue has been assigned CVE-2018-1000003. PowerDNS Recursor 4.1.0 is affected. @@ -25,4 +25,4 @@ For those unable to upgrade to a new version, a minimal patch is `available `__ We would like to thank CZ.NIC for finding and subsequently reporting this -issue. +issue! Please also see https://lists.nic.cz/pipermail/knot-dns-users/2018-January/001309.html