Bug#434661: marked as done (bind9: vulnerability with cryptographically weak transaction IDs)

Sun, 29 Jul 2007 12:47:55 -0700 

Your message dated Sun, 29 Jul 2007 12:39:42 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#434661: Acknowledgement (bind9: vulnerability with 
cryptographically weak transaction IDs)
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: bind9
Version: 1:9.4.1-1
Severity: important

Vulnerability described here:
http://www.trusteer.com/docs/bind9dns_s.html

Upstream patch available from isc.org.


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.16-2-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages bind9 depends on:
ii  adduser                       3.103      Add and remove users and groups
ii  libbind9-30                   1:9.4.1-1  BIND9 Shared Library used by BIND
ii  libc6                         2.5-9+b1   GNU C Library: Shared libraries
ii  libdns32                      1:9.4.1-1  DNS Shared Library used by BIND
ii  libisc32                      1:9.4.1-1  ISC Shared Library used by BIND
ii  libisccc30                    1:9.4.1-1  Command Channel Library used by BI
ii  libisccfg30                   1:9.4.1-1  Config File Handling Library used 
ii  liblwres30                    1:9.4.1-1  Lightweight Resolver Library used 
ii  libssl0.9.8                   0.9.8e-5   SSL shared libraries
ii  lsb-base                      3.1-23.1   Linux Standard Base 3.1 init scrip
ii  netbase                       4.29       Basic TCP/IP networking system

bind9 recommends no packages.

-- no debconf information

--- End Message ---
--- Begin Message --- 
Fix in etch changelog:
changelog.Debian.gz:  * Fix DNS cache poisoning through predictable query IDs. 
(CVE-2007-2926)

Fix in lenny/sid changelog:
changelog.gz:2203.      [security]      Query id generation was 
cryptographically weak.

--- End Message ---

Reply via email to