Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pin dnspython to latest version 2.7.0 #47

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

pyup-bot
Copy link
Collaborator

@pyup-bot pyup-bot commented Oct 5, 2024

This PR pins dnspython to the latest release 2.7.0.

Changelog

2.7.0

See [What's New](https://dnspython.readthedocs.io/en/stable/whatsnew.html) for details.

The minimum supported version of Python is 3.9.

My thanks to the many people who have contributed to this release.  Also thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

2.6.1

See [What's New](https://dnspython.readthedocs.io/en/latest/whatsnew.html) for details.

This is a bug fix release for 2.6.0 where the "TuDoor" fix erroneously
suppressed legitimate Truncated exceptions.  This caused the stub
resolver to timeout instead of failing over to TCP when a legitimate
truncated response was received over UDP.

This release addresses the potential DoS issue discussed in the
"TuDoor" paper (CVE-2023-29483).  The dnspython stub resolver is
vulnerable to a potential DoS if a bad-in-some-way response from the
right address and port forged by an attacker arrives before a
legitimate one on the UDP port dnspython is using for that query.  In
this situation, dnspython might switch to querying another resolver or
give up entirely, possibly denying service for that resolution.  This
release addresses the issue by adopting the recommended mitigation,
which is ignoring the bad packets and continuing to listen for a
legitimate response until the timeout for the query has expired.

Thank you to all the contributors to this release, and, as usual,
thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian
Wellington.

2.6.0

See [What's New](https://dnspython.readthedocs.io/en/latest/whatsnew.html) for details.

This release addresses the potential DoS issue discussed in the "TuDoor" paper (CVE-2023-29483).  The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query.  In this situation, dnspython might switch to querying another resolver or give up entirely, possibly denying service for that resolution.  This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

Thank you to all the contributors to this release, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

2.5.0

See the [What's New](https://dnspython.readthedocs.io/en/stable/whatsnew.html) page for a summary of this release.

Thanks to all the contributors, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

2.4.2

This is a bug fix release, see the [What's New](https://dnspython.readthedocs.io/en/stable/whatsnew.html) page in the documentation for a summary.

Thanks to the people who reported the bugs and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.
Links

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant