thijs at alioth.debian.org
2008-Jul-28 10:07 UTC
[Secure-testing-commits] r9441 - data/CVE
Author: thijs
Date: 2008-07-28 10:07:56 +0000 (Mon, 28 Jul 2008)
New Revision: 9441
Modified:
data/CVE/list
Log:
Marking non-caching stub resolvers as low since these really should be fixed,
but are much less vulnerable than a caching server. Adding some more stub
resolvers.
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-07-28 09:14:13 UTC (rev 9440)
+++ data/CVE/list 2008-07-28 10:07:56 UTC (rev 9441)
@@ -4294,11 +4294,15 @@
CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before
9.5.0-P1, ...)
{DSA-1619-1 DSA-1617-1 DSA-1603-1 DTSA-147-1}
- bind9 1:9.5.0.dfsg-5 (high)
- - glibc <unfixed> (medium)
+ - glibc <unfixed> (low)
- dnsmasq 2.43-1 (medium; bug #490123)
- - python-dns 2.3.1-5 (bug #490217)
+ - python-dns 2.3.1-5 (low; bug #490217)
+ - python-dnspython <unfixed> (low; bug #492465)
+ - adns <unfixed> (low; bug #492698)
+ - libnet-dns-perl <unfixed> (low; bug #492700)
NOTE: Unbound, djbdns, pdnsd and PowerDNS are affected by the underlying
protocol issue, but
NOTE: already use source port randomization.
+ NOTE: Marking non-caching stub resolvers as low since these really should be
fixed, but are much less vulnerable than a caching server.
CVE-2008-1446
RESERVED
CVE-2008-1445 (Active Directory on Microsoft Windows 2000 Server SP4, XP
Professional ...)