Re: Bug#653838: Inadequate source of entropy in recursive queries: maradns
To add even more confusion:
I did a final tweak to the hash compression function yesterday.
TL;DR summary: Use MaraDNS 1.3.07.14, 1.4.10, any 2.0 release, or
apply this patch to an older release of MaraDNS:
http://maradns.org/download/patches/maradns-1.3-better_hash.patch
Long summary:
I made one release, realized that had problems, made another release
the next day, realized *that* had problems, and made a (hopefully
final) third update yesterday:
http://samiam.org/blog/20111229.html
http://samiam.org/blog/20111230.html
http://samiam.org/blog/20120113.html
- Sam
2012/1/14 Julien Cristau <jcristau@debian.org>:
> On Thu, Jan 12, 2012 at 22:55:10 +0000, Nicholas Bamber wrote:
>
>> Julien,
>> Comments below. What is the next step?
>>
> On http://security-tracker.debian.org/tracker/source-package/maradns I
> see three issues: CVE-2011-5055, CVE-2011-5056 and CVE-2012-0024. Which
> one is this fixing, and what's the status of the 2011-505* ones in
> unstable? They're listed as unfixed in the tracker.
>
> Cheers,
> Julien
Reply to: