> Subject: Re: Bug#499433: pdnsd: this bug really is a security issue No it's not. This bug is about packaging a new upstream, which is a no-go at this point of the freeze.
On Tue, Oct 14, 2008 at 01:02:21PM +0000, Helmut Grohne wrote: > Package: pdnsd > Version: 1.2.6-par-10 > Followup-For: Bug #499433 > Severity: grave > > 14:48:00.688906 IP aaa.aaa.aaa.aaa.38399 > bbb.bbb.bbb.bbb.53: 43459+ A? > sdjfhsdjkfhj1.com. (35) > 14:48:00.698405 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38399: 43459 > NXDomain* 0/1/0 (108) > 14:48:00.699067 IP aaa.aaa.aaa.aaa.38400 > bbb.bbb.bbb.bbb.53: 19837+ A? > sdjfhsdjkfhj1.com.the.local.domain. (52) > 14:48:00.699461 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38400: 19837 > NXDomain* 0/1/0 (102) > 14:48:04.178967 IP aaa.aaa.aaa.aaa.38401 > bbb.bbb.bbb.bbb.53: 6424+ A? > sdjfhsdjkfhj2.com. (35) > 14:48:04.186806 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38401: 6424 NXDomain* > 0/1/0 (108) > 14:48:04.187562 IP aaa.aaa.aaa.aaa.38402 > bbb.bbb.bbb.bbb.53: 63360+ A? > sdjfhsdjkfhj2.com.the.local.domain. (52) > 14:48:04.187975 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38402: 63360 > NXDomain* 0/1/0 (102) > 14:48:05.482649 IP aaa.aaa.aaa.aaa.38403 > bbb.bbb.bbb.bbb.53: 20028+ A? > sdjfhsdjkfhj3.com. (35) > 14:48:05.755718 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38403: 20028 > NXDomain* 0/1/0 (108) > 14:48:05.756263 IP aaa.aaa.aaa.aaa.38404 > bbb.bbb.bbb.bbb.53: 59106+ A? > sdjfhsdjkfhj3.com.the.local.domain. (52) > 14:48:05.756770 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38404: 59106 > NXDomain* 0/1/0 (102) > 14:48:09.445224 IP aaa.aaa.aaa.aaa.38405 > bbb.bbb.bbb.bbb.53: 63943+ A? > sdjfhsdjkfhj4.com. (35) > 14:48:09.604176 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38405: 63943 > NXDomain* 0/1/0 (108) > 14:48:09.604678 IP aaa.aaa.aaa.aaa.38406 > bbb.bbb.bbb.bbb.53: 56120+ A? > sdjfhsdjkfhj4.com.the.local.domain. (52) > 14:48:09.605096 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38406: 56120 > NXDomain* 0/1/0 (102) > 14:48:10.850705 IP aaa.aaa.aaa.aaa.38407 > bbb.bbb.bbb.bbb.53: 26718+ A? > sdjfhsdjkfhj5.com. (35) > 14:48:10.861259 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38407: 26718 > NXDomain* 0/1/0 (108) > 14:48:10.861707 IP aaa.aaa.aaa.aaa.38408 > bbb.bbb.bbb.bbb.53: 56367+ A? > sdjfhsdjkfhj5.com.the.local.domain. (52) > 14:48:10.862295 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38408: 56367 > NXDomain* 0/1/0 (102) > 14:48:12.256789 IP aaa.aaa.aaa.aaa.38411 > bbb.bbb.bbb.bbb.53: 44406+ A? > sdjfhsdjkfhj6.com. (35) > 14:48:12.289141 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38411: 44406 > NXDomain* 0/1/0 (108) > 14:48:12.289567 IP aaa.aaa.aaa.aaa.38412 > bbb.bbb.bbb.bbb.53: 34974+ A? > sdjfhsdjkfhj6.com.the.local.domain. (52) > 14:48:12.290042 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38412: 34974 > NXDomain* 0/1/0 (102) > 14:48:13.617108 IP aaa.aaa.aaa.aaa.38413 > bbb.bbb.bbb.bbb.53: 7010+ A? > sdjfhsdjkfhj7.com. (35) > 14:48:13.630783 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38413: 7010 NXDomain* > 0/1/0 (108) > 14:48:13.631756 IP aaa.aaa.aaa.aaa.38414 > bbb.bbb.bbb.bbb.53: 35773+ A? > sdjfhsdjkfhj7.com.the.local.domain. (52) > 14:48:13.632283 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38414: 35773 > NXDomain* 0/1/0 (102) > 14:48:14.994027 IP aaa.aaa.aaa.aaa.38415 > bbb.bbb.bbb.bbb.53: 34368+ A? > sdjfhsdjkfhj8.com. (35) > 14:48:15.002921 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38415: 34368 > NXDomain* 0/1/0 (108) > 14:48:15.003520 IP aaa.aaa.aaa.aaa.38416 > bbb.bbb.bbb.bbb.53: 49461+ A? > sdjfhsdjkfhj8.com.the.local.domain. (52) > 14:48:15.004545 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38416: 49461 > NXDomain* 0/1/0 (102) > > There have been tons of DSAs concerning CVE-2008-1447. This bug *still* > applies to pdnsd as can be seen above. FWIW, I'm probably dense an I didn't have my coffee and I "see" nothing here. > It is fixed in 1.2.7-par according to > http://secunia.com/advisories/31847/. This is again NOT an option. -- ·O· Pierre Habouzit ··O [EMAIL PROTECTED] OOO http://www.madism.org
pgpp33bGzNyT7.pgp
Description: PGP signature
