Upstream has issued advisories on June 21:
The issues are fixed in 4.1.10:
Fixed upstream in 4.1.10Whiteboard:
Assigning to our registered pdns maintainer.
CC'ing daviddavid, who pushed this package many times, because I haven't recently seen mitya.
Upstream has issued an advisory on July 30:
The issue is fixed in 4.1.11, but also requires manual intervention by the sysadmin, so we'll need to include a note about that in our advisory.
pdns new security issues CVE-2019-1016 =>
pdns new security issues CVE-2019-1016 and CVE-2019-10203Status comment:
Fixed upstream in 4.1.10 =>
Fixed upstream in 4.1.11
Debian advisory for the first two CVEs from June 23:
openSUSE has issued an advisory for this on August 15:
MGA7TOO, MGA6TOO =>
but that advisory needs to be updated.
Advisory for Bug 27310 updated in SVN, so wiki advisory should get updated next time we push updates. I've asked if the e-mail advisory can be re-sent.