Re: pdns/pdns-recursor

To: Abhijith PA <abhijith@disroot.org>
Cc: Debian LTS <debian-lts@lists.debian.org>
Subject: Re: pdns/pdns-recursor
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Sat, 22 Dec 2018 10:16:33 +0100
Message-id: <[🔎] 20181222091633.GA7678@pisco.westfalen.local>
In-reply-to: <[🔎] 1e9d9077-0e95-c4bf-d3dd-0e4c63b327c4@disroot.org>
References: <[🔎] 1e9d9077-0e95-c4bf-d3dd-0e4c63b327c4@disroot.org>

On Sat, Dec 22, 2018 at 01:02:06PM +0530, Abhijith PA wrote:
> Hello.
> 
> 
> I am currently working on pdns[1] and pdns-recursor's[2] security issues
> and which are marked as no-DSA, postponed. Last month I picked it up as
> I had some time remaining. Upstream patch is available for the remaining
> issues(CVE-2018-10851, CVE-2018-14644). Both patches contain C++11
> specific code and I was only able to port CVE-2018-14644. In
> CVE-2018-10851 I used 'boost' library's smart pointers to deal with the
> default C++11 smart pointers, but I am not quite there. I was wondering
> whether anyone here can _help_ me with it. I don't want to spend anymore
> time in it as it is not so popular one and it has no-DSA postponed
> priority.

The DNSSEC-related bugs were not fixed in a DSA since DNSSEC support
in 4.0 isn't production-ready, upstream only deems it fully usable
in 4.1. As such you can safely mark them for jessie as <ignored>.

Cheers,
        Moritz

Reply to:

References:
- pdns/pdns-recursor
  - From: Abhijith PA <abhijith@disroot.org>

Prev by Date: pdns/pdns-recursor
Next by Date: RFC: proposed fix for CVE-2018-19518 in uw-imap
Previous by thread: pdns/pdns-recursor
Next by thread: limits of automatic unclaiming (Re: pdns/pdns-recursor)
Index(es):
- Date
- Thread