From 4630a1cf6edcbd62b571f5295e026ec48bd05cbd Mon Sep 17 00:00:00 2001 From: Haiqing Bai Date: Fri, 17 Feb 2023 10:04:38 +0800 Subject: [PATCH] Debian: bind9: Fix 3 CVEs Upgrade bind9-dnsutils,bind9-host,bind9-libs from "1:9.16.33-1~deb11u1" to "1:9.16.37-1~deb11u1" to fix below CVEs: CVE-2022-3094 CVE-2022-3736 CVE-2022-3924 Refer to: https://security-tracker.debian.org/tracker/DSA-5329-1 Test Plan: a. In builder, run: $rm /import/mirrors/starlingx/binaries/bind9* $downloader -b $repo_manage.py list_pkgs -r deb-local-binary Check the required bind9* packages were in the repository b. $build-pkgs --clean --parallel 10 $build-image Boot the iso image on board and check that the new packages have been installed. Closes-Bug: 2006410 Signed-off-by: Haiqing Bai Change-Id: Ibe03a278b7fbd33403c30003cbed4ad0852ba1b5 --- debian-mirror-tools/config/debian/common/base-bullseye.lst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/debian-mirror-tools/config/debian/common/base-bullseye.lst b/debian-mirror-tools/config/debian/common/base-bullseye.lst index ddb1bf0e..1aca7e90 100644 --- a/debian-mirror-tools/config/debian/common/base-bullseye.lst +++ b/debian-mirror-tools/config/debian/common/base-bullseye.lst 
@@ -23,9 +23,9 @@ avahi-daemon 0.8-5 base-files 11.1+deb11u3 bash-completion 1:2.11-2 bc 1.07.1-2+b2 -bind9-dnsutils 1:9.16.33-1~deb11u1 https://snapshot.debian.org/archive/debian/20221030T150419Z/pool/main/b/bind9/bind9-dnsutils_9.16.33-1~deb11u1_amd64.deb -bind9-host 1:9.16.33-1~deb11u1 https://snapshot.debian.org/archive/debian/20221030T150419Z/pool/main/b/bind9/bind9-host_9.16.33-1~deb11u1_amd64.deb -bind9-libs 1:9.16.33-1~deb11u1 https://snapshot.debian.org/archive/debian/20221030T150419Z/pool/main/b/bind9/bind9-libs_9.16.33-1~deb11u1_amd64.deb +bind9-dnsutils 1:9.16.37-1~deb11u1 https://snapshot.debian.org/archive/debian/20230212T084519Z/pool/main/b/bind9/bind9-dnsutils_9.16.37-1~deb11u1_amd64.deb +bind9-host 1:9.16.37-1~deb11u1 https://snapshot.debian.org/archive/debian/20230212T084519Z/pool/main/b/bind9/bind9-host_9.16.37-1~deb11u1_amd64.deb +bind9-libs 1:9.16.37-1~deb11u1 https://snapshot.debian.org/archive/debian/20230212T084519Z/pool/main/b/bind9/bind9-libs_9.16.37-1~deb11u1_amd64.deb binutils 2.35.2-2 binutils-common 2.35.2-2 binutils-x86-64-linux-gnu 2.35.2-2
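Review bot: The three replaced entries (bind9-dnsutils, bind9-host, bind9-libs) pin a version and a snapshot.debian.org URL but carry no digest, so nothing in these lines lets the mirror tooling or a reviewer confirm that the fetched .deb files are the 1:9.16.37-1~deb11u1 builds referenced by DSA-5329-1. Consider recording a SHA256 for each package next to its URL, or stating in the commit message that the downloader verifies the files against the signed Packages index of the 20230212T084519Z snapshot. The test plan only checks that the bind9* packages are present in deb-local-binary and installed on the board; an explicit check for version 1:9.16.37-1~deb11u1 in both steps would confirm that the 9.16.33 packages were actually replaced.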