NIXPKGS-2026-0214

GitHub issue published on 10 Feb 2026

Permalink CVE-2025-59024

updated 2 days ago by @LeSuisse Activity log

Created automatic suggestion 2 days, 6 hours ago
@LeSuisse removed package rotp 2 days, 2 hours ago
@LeSuisse removed
2 maintainers
- @rnhmjoj
- @jtrees
2 days ago
@LeSuisse accepted 2 days ago
@LeSuisse published on GitHub 2 days ago

Crafted delegations or IP fragments can poison cached delegations in Recursor

Crafted delegations or IP fragments can poison cached delegations in Recursor.

Affected products

pdns-recursor

<5.2.6
<5.1.8
<5.3.1

Matching in nixpkgs

pkgs.pdns-recursor

Recursive DNS server

nixos-unstable 5.3.4
- nixpkgs-unstable 5.3.4
- nixos-unstable-small 5.3.4
nixos-25.11 5.2.7
- nixos-25.11-small 5.2.7
- nixpkgs-25.11-darwin 5.2.7

Ignored packages (1)

pkgs.rotp

Open-source modernization of the 1993 classic "Master of Orion", written in Java

nixos-unstable 1.04
- nixpkgs-unstable 1.04
- nixos-unstable-small 1.04
nixos-25.11 1.04
- nixos-25.11-small 1.04
- nixpkgs-25.11-darwin 1.04

Package maintainers

Ignored maintainers (2)

@rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>
@jtrees Joshua Trees <me@jtrees.io>

Fixed in:
* https://github.com/NixOS/nixpkgs/commit/42bb4a06d4a01d3dbfca9a19a9daef7cb7560374 (25.11)
* https://github.com/NixOS/nixpkgs/commit/f4cf3fc15536fdc273350b98ad8f4289f32512d2 (unstable)

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0214

Affected products

Matching in nixpkgs

pkgs.pdns-recursor

pkgs.rotp

Package maintainers