Control: tags -1 + confirmed On 2014-06-16 10:45, Ondřej Surý wrote:
I have prepared security, but non-dsa, update to ldns that creates private DNSSEC keys with default umask (CVE-2014-3209). The patch is very simple and it has been prepared by upstream.
[...]
ldns (1.6.13-1+deb7u1) stable-security; urgency=medium .* [CVE-2014-3209]: fix ldns-keygen writing private DNSKEYs with defaultumask (Closes: #746758) [...] It's not a critical issue (hence non-DSA), but it would be nice to have this fixed in stable.
Please s/stable-security/wheezy/ in the changelog and go ahead; thanks. Regards, Adam