[MaraDNS list] MaraDNS/Deadwood update
Sam Trenholme
maradns at gmail.com
Thu May 23 22:44:34 EDT 2013
>> unless a critical security bug with a CVE number is found.
>
> Nice of you to say that, but really, how often does that happen lol.
> It's not like we're talking about BIND ;)
MaraDNS has had, in its 11 years of existence, 11 CVE security
reports. 4 of those are ones I found myself (2002-2097, 2011-5055,
2011-5056, and 2012-0024) and the other seven by third parties (albeit
two: 2008-0061 and 2010-2444, as simple non-security bugs). So, yeah,
another one may pop up.
Of the 11 bugs, only two (2010-2444 and 2012-1570) come from post-1.0
code. MaraDNS 1.0 was a somewhat sloppy rush job.
- Sam
More information about the list
mailing list