Author: thijs Date: 2011-12-31 12:48:26 +0000 (Sat, 31 Dec 2011) New Revision: 17937 Modified: data/CVE/list Log: maradns hash randomization maintainer is working on updates Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-12-31 12:21:50 UTC (rev 17936) +++ data/CVE/list 2011-12-31 12:48:26 UTC (rev 17937) @@ -1,3 +1,9 @@ +CVE-2011-XXXX (MaraDNS hash randomization) + - maradns <unfixed> + [squeeze] - maradns <no-dsa> (Minor issue) + [lenny] - maradns <no-dsa> (Minor issue) + NOTE: VU#903934 + NOTE: a DoS that requires being able to do recursive queries. Allowing recursive queries to the general public is already a security issue to begin with, so this issue can better be addressed in a point update. CVE-2011-5037 (Google V8 computes hash values for form parameters without restricting ...) TODO: check CVE-2011-5036 (Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes ...)