release 1.3.3

author Vladimír Čunát <vladimir.cunat@nic.cz>

Wed, 9 Aug 2017 08:23:47 +0000 (10:23 +0200)

committer Vladimír Čunát <vladimir.cunat@nic.cz>

Wed, 9 Aug 2017 08:39:00 +0000 (10:39 +0200)
author Vladimír Čunát <vladimir.cunat@nic.cz>
Wed, 9 Aug 2017 08:23:47 +0000 (10:23 +0200)
committer Vladimír Čunát <vladimir.cunat@nic.cz>
Wed, 9 Aug 2017 08:39:00 +0000 (10:39 +0200)
diff --git a/NEWS b/NEWS

index e4248ed7eaf2dc1106b9b0806c1590ba91c4d0f2..445d7bcbf882731b2a8f3fb96c4c3ea2502905c2 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,12 @@
-Knot Resolver 1.3.3 (2017-0_-__)
+Knot Resolver 1.3.3 (2017-08-09)
  ================================
  
+Security
+--------
+- Fix a critical DNSSEC flaw.  Signatures might be accepted as valid
+  even if the signed data was not in bailiwick of the DNSKEY used to
+  sign it, assuming the trust chain to that DNSKEY was valid.
+
  Bugfixes
  --------
  - iterate: skip RRSIGs with bad label count instead of immediate SERVFAIL
diff --git a/config.mk b/config.mk

index e7db4577a7cee0002723d2dd10dabf008efdc92b..d688dc0ec06532e04d705d971d76cd41d2a65b7d 100644 (file)
--- a/config.mk
+++ b/config.mk
@@ -1,7 +1,7 @@
  # Project
  MAJOR := 1
  MINOR := 3
-PATCH := 2
+PATCH := 3
  EXTRA :=
  ABIVER := 3
  BUILDMODE := dynamic
author	Vladimír Čunát <vladimir.cunat@nic.cz>
	Wed, 9 Aug 2017 08:23:47 +0000 (10:23 +0200)
committer	Vladimír Čunát <vladimir.cunat@nic.cz>
	Wed, 9 Aug 2017 08:39:00 +0000 (10:39 +0200)
NEWS		patch \| blob \| blame \| history
config.mk		patch \| blob \| blame \| history