Ubuntu
pdns package

CVE-2022-27227 patch required

Bug #2011613 reported by Aaron B. Russell on 2023-03-14

258

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	pdns (Ubuntu)	New	Undecided	Unassigned

Bug Description

A patch is required for CVE-2022-27227. According to https://ubuntu.com/security/CVE-2022-27227 an upstream fix is available for this issue.

The following releases and package versions are affected:
- focal (4.2.1-1build2)
- jammy (4.5.3-1)
- kinetic (4.6.3-1)

Expected:
The bug should be patched

What happened instead:
The bug was not patched

Tags:

CVE References

2022-27227

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2023-03-17:

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

tags:	added: community-security
information type:	Private Security → Public Security

Revision history for this message

Chris Hofstaedtler (zeha) wrote on 2024-06-13:

kinetic 4.6.3 was not affected.

for jammy, the upstream diff from 4.5.3 to 4.5.4 should be small enough.

for focal there are no upstream patches. good luck!

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntupdns package