[Secure-testing-commits] r9267 - data/CVE

fw Wed, 09 Jul 2008 01:55:41 -0700

Author: fw
Date: 2008-07-09 08:55:33 +0000 (Wed, 09 Jul 2008)
New Revision: 9267


Modified:
   data/CVE/list
Log:
CVE-2008-1447: add more DNS implementations

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2008-07-08 23:15:14 UTC (rev 9266)
+++ data/CVE/list       2008-07-09 08:55:33 UTC (rev 9267)
@@ -3628,10 +3628,15 @@
        RESERVED
 CVE-2008-1448
        RESERVED
-CVE-2008-1447
+CVE-2008-1447 [lack of source port randomization in DNS resolvers]
        RESERVED
        {DSA-1603-1}
-       - bind9 1:9.5.0.dfsg-5
+       - bind9 1:9.5.0.dfsg-5 (high)
+       - glibc <unfixed> (medium)
+       - dnsmasq <unfixed> (medium)
+       - pdnsd <unfixed> (medium)
+       NOTE: Unbound and PowerDNS are affected by the underlying protocol 
issue, but
+       NOTE: already use source port randomization.
 CVE-2008-1446
        RESERVED
 CVE-2008-1445 (Active Directory on Microsoft Windows 2000 Server SP4, XP 
Professional ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r9267 - data/CVE

Reply via email to