[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#653838: Inadequate source of entropy in recursive queries: maradns

To add even more confusion:

I did a final tweak to the hash compression function yesterday.

TL;DR summary: Use MaraDNS 1.3.07.14, 1.4.10, any 2.0 release, or
apply this patch to an older release of MaraDNS:

http://maradns.org/download/patches/maradns-1.3-better_hash.patch

Long summary:

I made one release, realized that had problems, made another release
the next day, realized *that* had problems, and made a (hopefully
final) third update yesterday:

http://samiam.org/blog/20111229.html
http://samiam.org/blog/20111230.html
http://samiam.org/blog/20120113.html

- Sam

2012/1/14 Julien Cristau <jcristau@debian.org>:
> On Thu, Jan 12, 2012 at 22:55:10 +0000, Nicholas Bamber wrote:
>
>> Julien,
>>       Comments below. What is the next step?
>>
> On http://security-tracker.debian.org/tracker/source-package/maradns I
> see three issues: CVE-2011-5055, CVE-2011-5056 and CVE-2012-0024.  Which
> one is this fixing, and what's the status of the 2011-505* ones in
> unstable?  They're listed as unfixed in the tracker.
>
> Cheers,
> Julien
Reply to: