Re: Bug#653838: Inadequate source of entropy in recursive queries: maradns
I think I have got a handle on what is going on here:

experimental [CVE-2011-5056]: This only affects the authoritative
server. In previous versions this would be the same issue as the other
CVE tickets because then the authoritative and recursive servers were
one process. There has never been an issue in this release for the
recursive process. However this is not going to be fixed until upstream
release a new version.

unstable/testing [CVE-2012-0024, CVE-2011-5055]: This was fixed in
1.4.09-1 but Sam has issued one further release, 1.4.10 with a last
tweak. For this version all the three CVE tickets are fundamentally the

stable [CVE-2012-0024, CVE-2011-5055]: I previously sent a debdiff. I
need to issue a new one.

oldstable [CVE-2012-0024, CVE-2011-5055, CVE-2010-2444]: I have not
looked at this yet. Chances to fix CVE-2010-2444 were passed up before I

I am not sure what to do now apart from issuing 1.4.10-1. Do I raise new

On 14/01/12 12:18, Julien Cristau wrote:
> On Thu, Jan 12, 2012 at 22:55:10 +0000, Nicholas Bamber wrote:
>> Comments below. What is the next step?
> On http://security-tracker.debian.org/tracker/source-package/maradns I
> see three issues: CVE-2011-5055, CVE-2011-5056 and CVE-2012-0024. Which
> one is this fixing, and what's the status of the 2011-505* ones in
> unstable? They're listed as unfixed in the tracker.
Nicholas Bamber | http://www.periapt.co.uk/
PGP key 3BFFE73C from pgp.mit.edu