severity 449148 grave
tags 449148 + security
thanks
Hi,
You pointed out earlier in the bug log that is is a "critical" (sic) bug
but there wasn't a fix prepared for etch.
I wasn't aware of this change until I discovered[1] (via slashdot) a
blog post explaining that the old IP address was still in use by a
non-authoritative body, possibly recording queries and therefore
gathering sensitive information.
The old IP address has actually stopped responding to queries and
therefore this isn't a very great deal, security-wise, right now.
It is, however, a serious (imho) bug since 1 of the 13 root NS on etch
systems isn't responding to queries.
Also, nothing (AFAIK) is stopping the new owner to start responding to
queries again, perhaps for malicious purposes such as recording data --
or worse, responding with fake answers!
Please fix this bug for etch; I'd vote to do it via a security upload
(and a DSA) but I guess an update through a stable point release would
also be an option.
Thanks,
Faidon
1:
http://www.renesys.com/blog/2008/05/identity_theft_hits_the_root_n_1.shtml
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]