Accepted libnet-dns-perl 0.48-1sarge1 (source i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 07 Mar 2008 23:03:36 +0100
Source: libnet-dns-perl
Binary: libnet-dns-perl
Architecture: source i386
Version: 0.48-1sarge1
Distribution: oldstable-security
Urgency: high
Maintainer: Florian Hinzmann <fh@debian.org>
Changed-By: Florian Weimer <fw@deneb.enyo.de>
Description:
libnet-dns-perl - Perform DNS queries from a Perl script
Closes: 457445
Changes:
libnet-dns-perl (0.48-1sarge1) oldstable-security; urgency=high
.
* Malformed A records could lead to a Perl exception and program crash
(CVE-2007-6341). Closes: #457445.
* A very weak random number generator was used for transaction IDs
(CVE-2007-3377).
Perl's rand() is used in the patch against this vulnerability--it is
initialized from /dev/urandom, but the underlying LCG has only got 48
bits of state, so at the very least, a brute-force attack is still
possible if an attacker has got three subsequently generated
transaction IDs.
* The Perl implementation of dn_expand could recurse infinitely
(CVE-2007-3409). (On Debian systems, the C version is typically
used.)
Files:
69ce0c55a0c3876faaee37e78c592ec8 916 perl optional libnet-dns-perl_0.48-1sarge1.dsc
bd5bab1de250b947a3f00148d426f2e2 95754 perl optional libnet-dns-perl_0.48.orig.tar.gz
72b2f73855eceafb316f7fde51bc474e 6853 perl optional libnet-dns-perl_0.48-1sarge1.diff.gz
ee51c0d78f1482161f241fa9a37aba5a 217226 perl optional libnet-dns-perl_0.48-1sarge1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBR9HHAb97/wQC1SS+AQIewAgAsEUs3Dkw9KWRut/FE8Tnjzh342dl8ElO
tSVSYSlY2YxyIrN/qTDt2Ze5IXcaepJZanIIkVgVj/EUVb36aCelhjeMGY/mktkE
D4XR2AuU1v46bAhnnERmVOuSj0lQZ7KOLGWYKxUyh+GroUfIApvcQbBQ5abLfAj8
8G9FBJvZ2yODqbTwbaRV/wg3tS004BGKgmekA8Chs8RHcLlseRHnt2vTMAMriANW
+Gt4FB0zMg3Debxr/ST1bCheLlIqIbB8NihAHAQG4C2cUcwcPzQk2uwHHWraCTaV
Co0FT+7Vi+kf7jrQqM8loPK3zY8grAjlfVDBo2Ht+AA29XF3OX8prQ==
=n/Em
-----END PGP SIGNATURE-----
Accepted:
libnet-dns-perl_0.48-1sarge1.diff.gz
to pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.48-1sarge1.diff.gz
libnet-dns-perl_0.48-1sarge1.dsc
to pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.48-1sarge1.dsc
libnet-dns-perl_0.48-1sarge1_i386.deb
to pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.48-1sarge1_i386.deb
Reply to: