Hello Scott, * 2008-09-17 17:18, Scott Kitterman wrote: > Also in Sid/Lenny. It looks like there were buffer packing implications in > the security fix that neither upstream nor myself appreciated when we wrote > it. The security fix had two parts: source port randomization and > transaction ID randomization. If instead of reverted to the package that has > neither, you change 'self.tid' to '0' in line 199 > of /var/lib/python-support/python2.4/DNS/Base.py you will work around this > problem and still have source port randomization. > > I've contacted upstream and will get this sorted out.
Thanks for your answer, I'm cc'ing the security team to bring to their attention the bug report: we'll have to issue a new security update with the fix. Best regards, -- Fabio Tranchitella http://www.kobold.it Free Software Developer and Consultant http://www.tranchitella.it _____________________________________________________________________ 1024D/7F961564, fpr 5465 6E69 E559 6466 BF3D 9F01 2BF8 EE2B 7F96 1564 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
