{"affected":[{"ecosystem_specific":{"binaries":[{"pdns":"4.1.2-bp150.2.6.1","pdns-backend-geoip":"4.1.2-bp150.2.6.1","pdns-backend-godbc":"4.1.2-bp150.2.6.1","pdns-backend-ldap":"4.1.2-bp150.2.6.1","pdns-backend-lua":"4.1.2-bp150.2.6.1","pdns-backend-mydns":"4.1.2-bp150.2.6.1","pdns-backend-mysql":"4.1.2-bp150.2.6.1","pdns-backend-postgresql":"4.1.2-bp150.2.6.1","pdns-backend-remote":"4.1.2-bp150.2.6.1","pdns-backend-sqlite3":"4.1.2-bp150.2.6.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12 SP1","name":"pdns","purl":"pkg:rpm/suse/pdns&distro=SUSE%20Package%20Hub%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.1.2-bp150.2.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"pdns":"4.1.2-bp150.2.6.1","pdns-backend-geoip":"4.1.2-bp150.2.6.1","pdns-backend-godbc":"4.1.2-bp150.2.6.1","pdns-backend-ldap":"4.1.2-bp150.2.6.1","pdns-backend-lua":"4.1.2-bp150.2.6.1","pdns-backend-mydns":"4.1.2-bp150.2.6.1","pdns-backend-mysql":"4.1.2-bp150.2.6.1","pdns-backend-postgresql":"4.1.2-bp150.2.6.1","pdns-backend-remote":"4.1.2-bp150.2.6.1","pdns-backend-sqlite3":"4.1.2-bp150.2.6.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15","name":"pdns","purl":"pkg:rpm/suse/pdns&distro=SUSE%20Package%20Hub%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.1.2-bp150.2.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"pdns":"4.1.2-bp150.2.6.1","pdns-backend-geoip":"4.1.2-bp150.2.6.1","pdns-backend-godbc":"4.1.2-bp150.2.6.1","pdns-backend-ldap":"4.1.2-bp150.2.6.1","pdns-backend-lua":"4.1.2-bp150.2.6.1","pdns-backend-mydns":"4.1.2-bp150.2.6.1","pdns-backend-mysql":"4.1.2-bp150.2.6.1","pdns-backend-postgresql":"4.1.2-bp150.2.6.1","pdns-backend-remote":"4.1.2-bp150.2.6.1","pdns-backend-sqlite3":"4.1.2-bp150.2.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.0","name":"pdns","purl":"pkg:rpm/opensuse/pdns&distro=openSUSE%20Leap%2015.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.1.2-bp150.2.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for pdns fixes the following issue:\n\nSecurity issue fixed:\n\n- CVE-2019-3871: Fixed an insufficient validation in the HTTP remote backend which could allow a remote user \n  to cause the HTTP backend to connect to an attacker-specified host instead of the configured one (bsc#1129734).\n","id":"openSUSE-SU-2019:1128-1","modified":"2019-04-03T01:51:41Z","published":"2019-04-03T01:51:41Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6HWYPEI7LWADS6EXV3RDYBSB4K4WDP6U/#6HWYPEI7LWADS6EXV3RDYBSB4K4WDP6U"},{"type":"REPORT","url":"https://bugzilla.suse.com/1129734"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-3871"}],"related":["CVE-2019-3871"],"summary":"Security update for pdns","upstream":["CVE-2019-3871"]}