Upstream has issued advisories on June 21:
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html
The issues are fixed in 4.1.10:
https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/
Status comment: (none) => Fixed upstream in 4.1.10
Whiteboard: (none) => MGA7TOO, MGA6TOO
Assigning to our registered pdns maintainer.
Assignee: bugsquad => mitya
CC: (none) => marja11
CC'ing daviddavid, who pushed this package many times, because I haven't recently seen mitya.
CC: (none) => geiger.david68210
Upstream has issued an advisory on July 30:
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-06.html
The issue is fixed in 4.1.11, but also requires manual intervention by the sysadmin, so we'll need to include a note about that in our advisory.
https://blog.powerdns.com/2019/08/01/security-notice-for-powerdnspostgres-users/
Summary: pdns new security issues CVE-2019-1016[23] => pdns new security issues CVE-2019-1016[23] and CVE-2019-10203
Status comment: Fixed upstream in 4.1.10 => Fixed upstream in 4.1.11
Debian advisory for the first two CVEs from June 23: https://www.debian.org/security/2019/dsa-4470
openSUSE has issued an advisory for this on August 15: https://lists.opensuse.org/opensuse-updates/2019-08/msg00090.html
Whiteboard: MGA7TOO, MGA6TOO => MGA7TOO
CC: (none) => mageia
Fixed in: https://advisories.mageia.org/MGASA-2020-0375.html but that advisory needs to be updated.
Depends on: (none) => 27310
Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)
Advisory for Bug 27310 updated in SVN, so wiki advisory should get updated next time we push updates. I've asked if the e-mail advisory can be re-sent.
Resolution: (none) => FIXED
Status: NEW => RESOLVED