[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

Quoting Hubert Chathi (uhoreg@debian.org):

> I'm really more concerned about the fact that it's orphaned.  And it
> appears to be unmaintained upstream (last release in 2001, and
> upstream moved it from the "releases" directory to the "old-releases"
> directory).

Point taken.  I assume you are referring to

Here's original NSS module author Mark Kettenis <kettenis@gnu.org>'s
release announcement in July 2000:

I guess we can hope that the current security incident will encourage
the glibc developers to consider adopting Kettenis's NSS code, as part
of a larger plan to (finally!) phase out the legacy BIND8 resolver code.
But that won't happen quickly, if at all, I fear.

Reply to: