thijs at alioth.debian.org
2008-Jul-30 08:31 UTC
[Secure-testing-commits] r9473 - data/CVE
Author: thijs Date: 2008-07-30 08:31:09 +0000 (Wed, 30 Jul 2008) New Revision: 9473 Modified: data/CVE/list Log: adns isn''t supposed to be used with untrusted responses. working with maintainer to document this better (currently only documented in a file that isn''t installed into the package) Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-07-30 08:29:29 UTC (rev 9472) +++ data/CVE/list 2008-07-30 08:31:09 UTC (rev 9473) @@ -4348,11 +4348,12 @@ - dnsmasq 2.43-1 (medium; bug #490123) - python-dns 2.3.1-5 (low; bug #490217) - python-dnspython <unfixed> (low; bug #492465) - - adns <unfixed> (low; bug #492698) + - adns <unfixed> (unimportant; bug #492698) - libnet-dns-perl <unfixed> (low; bug #492700) NOTE: Unbound, djbdns, pdnsd and PowerDNS are affected by the underlying protocol issue, but NOTE: already use source port randomization. NOTE: Marking non-caching stub resolvers as low since these really should be fixed, but are much less vulnerable than a caching server. + NOTE: adns is not suitable to use with untrusted responses, working to document this better CVE-2008-1446 RESERVED CVE-2008-1445 (Active Directory on Microsoft Windows 2000 Server SP4, XP Professional ...)