[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#653838: Inadequate source of entropy in recursive queries: maradns



On 15.01.2012 20:39, Nicholas Bamber wrote:
unstable/testing [CVE-2012-0024, CVE-2011-5055]: This was fixed in
1.4.09-1 but Sam has issued one further release, 1.4.10 with a last
tweak. For this version all the three CVE tickets are fundamentally the
same issue.

stable [CVE-2012-0024, CVE-2011-5055]: I previously sent a debdiff. I
need to issue a new one.
[...]
I am not sure what to do now apart from issuing 1.4.10-1. Do I raise new
bug reports?

Based on the above, I'd suggest, in order:

- update unstable, ensuring that all relevant bugs are fixed there

- confirm with the security team that they don't wish to issue a fix for CVE-2011-5055 directly, if you haven't already done so (I suspect they won't, but the security tracker doesn't indicate that right now, so it's worth checking)

- assuming a nack from the security team, prepare an updated package from stable and send the new debdiff to this thread

Does that sound reasonable?

Regards,

Adam


Reply to: