[MaraDNS list] MaraDNS/Deadwood update

Sam Trenholme maradns at gmail.com
Thu May 23 22:44:34 EDT 2013


>> unless a critical security bug with a CVE number is found.
>
> Nice of you to say that, but really, how often does that happen lol.
> It's not like we're talking about BIND ;)

MaraDNS has had, in its 11 years of existence, 11 CVE security
reports.  4 of those are ones I found myself (2002-2097, 2011-5055,
2011-5056, and 2012-0024) and the other seven by third parties (albeit
two: 2008-0061 and 2010-2444, as simple non-security bugs).  So, yeah,
another one may pop up.

Of the 11 bugs, only two (2010-2444 and 2012-1570) come from post-1.0
code.  MaraDNS 1.0 was a somewhat sloppy rush job.

- Sam

