From 4e4bf1cf09dcf909629cce4649acb7f27a84ce05 Mon Sep 17 00:00:00 2001 From: Peter Korsgaard Date: Sat, 30 Oct 2021 19:35:53 +0200 Subject: [PATCH] package/bind: security bump to version 9.11.36 Fixes the following security issues: - CVE-2021-25219: Lame cache can be abused to severely degrade resolver performance For details, see the advisory: https://kb.isc.org/docs/cve-2021-25219 Signed-off-by: Peter Korsgaard --- package/bind/bind.hash | 6 +++--- package/bind/bind.mk | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package/bind/bind.hash b/package/bind/bind.hash index 12b80149c5..70299f1677 100644 --- a/package/bind/bind.hash +++ b/package/bind/bind.hash @@ -1,4 +1,4 @@ -# Verified from https://ftp.isc.org/isc/bind9/9.11.35/bind-9.11.35.tar.gz.asc -# with key E9AB6E79233C0416E8993F450C03AFA90A5967C4 -sha256 1c882705827b6aafa45d917ae3b20eccccc8d5df3c4477df44b04382e6c47562 bind-9.11.35.tar.gz +# Verified from https://ftp.isc.org/isc/bind9/9.11.36/bind-9.11.36.tar.gz.asc +# with key AADBBA5074F1402F7B69D56BC5B4EE931A9F9DFD +sha256 c953fcb6703b395aaa53e65ff8b2869b69a5303dd60507cba2201305e1811681 bind-9.11.36.tar.gz sha256 cad49daa42654bc241762cd998630168a2542c8fd6fad3881e2eac1510bb6fcd COPYRIGHT diff --git a/package/bind/bind.mk b/package/bind/bind.mk index 0d95da209c..ba32d6150a 100644 --- a/package/bind/bind.mk +++ b/package/bind/bind.mk @@ -4,7 +4,7 @@ # ################################################################################ -BIND_VERSION = 9.11.35 +BIND_VERSION = 9.11.36 BIND_SITE = https://ftp.isc.org/isc/bind9/$(BIND_VERSION) # bind does not support parallel builds. BIND_MAKE = $(MAKE1)