[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#653838: Inadequate source of entropy in recursive queries: maradns

To add even more confusion:

I did a final tweak to the hash compression function yesterday.

TL;DR summary: Use MaraDNS, 1.4.10, any 2.0 release, or
apply this patch to an older release of MaraDNS:


Long summary:

I made one release, realized that had problems, made another release
the next day, realized *that* had problems, and made a (hopefully
final) third update yesterday:


- Sam

2012/1/14 Julien Cristau <jcristau@debian.org>:
> On Thu, Jan 12, 2012 at 22:55:10 +0000, Nicholas Bamber wrote:
>> Julien,
>>       Comments below. What is the next step?
> On http://security-tracker.debian.org/tracker/source-package/maradns I
> see three issues: CVE-2011-5055, CVE-2011-5056 and CVE-2012-0024.  Which
> one is this fixing, and what's the status of the 2011-505* ones in
> unstable?  They're listed as unfixed in the tracker.
> Cheers,
> Julien

Reply to: