[MaraDNS list] MaraDNS 1.4.08 and MaraDNS 1.3.07.12 released
Sam Trenholme
maradns at gmail.com
Fri Dec 30 16:17:45 EST 2011
In terms of issuing a Debian security update:
MaraDNS 2 is not affected and does not need to be patched.
I have a minimal patch fixing only this security issue:
http://maradns.org/download/patches/maradns-1.3-secret_hash.patch
The patch requires /dev/urnadom; Debian has this. [1]
While there isn't a CVE for this issue in relation to MaraDNS, the
problem is covered by CERT VU#903934 [2]
- Sam
[1] There really isn't much out there besides DOS and Windows that
doesn't have /dev/urandom these days.
[2] This will hopefully preclude Debian's bureaucratic hoop of needing
a vulnerability number before patching MaraDNS
More information about the list
mailing list