9.16.1-0ubuntu2.3 has the patch for 2020-8621:
bind9 (1:9.16.1-0ubuntu2.3) focal-security; urgency=medium
* SECURITY UPDATE: A specially crafted large TCP payload can trigger an
assertion failure
- debian/patches/CVE-2020-8620.patch: add extra checks to
lib/isc/netmgr/netmgr-int.h, lib/isc/netmgr/netmgr.c,
lib/isc/netmgr/tcp.c, lib/isc/netmgr/udp.c.
- CVE-2020-8620
* SECURITY UPDATE: Attempting QNAME minimization after forwarding can
lead to an assertion failure
- debian/patches/CVE-2020-8621.patch: disable QNAME minimization in
lib/dns/resolver.c.
- CVE-2020-8621
...
9.16.1-0ubuntu2.3 has the patch for 2020-8621: 1-0ubuntu2. 3) focal-security; urgency=medium
bind9 (1:9.16.
* SECURITY UPDATE: A specially crafted large TCP payload can trigger an patches/ CVE-2020- 8620.patch: add extra checks to isc/netmgr/ netmgr- int.h, lib/isc/ netmgr/ netmgr. c, isc/netmgr/ tcp.c, lib/isc/ netmgr/ udp.c. patches/ CVE-2020- 8621.patch: disable QNAME minimization in dns/resolver. c.
assertion failure
- debian/
lib/
lib/
- CVE-2020-8620
* SECURITY UPDATE: Attempting QNAME minimization after forwarding can
lead to an assertion failure
- debian/
lib/
- CVE-2020-8621
...
Maybe this is https:/ /gitlab. isc.org/ isc-projects/ bind9/- /commit/ 0a22024c270a38a 54f0d51621a046b 726df158c0 ? Fixed in debian too:
bind9 (1:9.16.6-3) unstable; urgency=medium
[ Ondřej Surý ]
* Add upstream patches to fix some rare conditions (Closes: #969448)
[ Bernhard Schmidt ]
* Set Restart=on-failure in systemd unit
-- Bernhard Schmidt <email address hidden> Tue, 15 Sep 2020 00:26:14 +0200