'Re: [oss-security] CVE request: PowerDNS recursor source port randomization'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: PowerDNS recursor source port randomization
From:       Florian Weimer <fw () deneb ! enyo ! de>
Date:       2008-07-16 19:12:44
Message-ID: 87bq0xod77.fsf () mid ! deneb ! enyo ! de
[Download RAW message or body]

* Florian Weimer:

> 3.1.5 did not use the strong PRNG for source port selection.
> References:
>
> <http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-1-6>
> <http://wiki.powerdns.com/cgi-bin/trac.fcgi/changeset/1179>
>
> Somehow this fell through the cracks. 8-(

We reissued a new security update with the old CVE, as no decision on a
SPLIT was reached in time.

I believe that the CVE description should be updated ("before version
3.1.6" instead of "before version 3.1.5").
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic