I think I have got a handle on what is going on here: http://samiam.org/blog/20111229.html

experimental [CVE-2011-5056]: This only affects the authoritative server. In previous versions this would be the same issue as the other CVE tickets because then the authoritative and recursive servers were one process. There has never been an issue in this release for the recursive process. However this is not going to be fixed until upstream releases a new version.

unstable/testing [CVE-2012-0024, CVE-2011-5055]: This was fixed in 1.4.09-1 but Sam has issued one further release, 1.4.10, with a last tweak. For this version all three CVE tickets are fundamentally the same issue.

stable [CVE-2012-0024, CVE-2011-5055]: I previously sent a debdiff. I need to issue a new one.

oldstable [CVE-2012-0024, CVE-2011-5055, CVE-2010-2444]: I have not looked at this yet. Chances to fix CVE-2010-2444 were passed up before I became maintainer.

I am not sure what to do now apart from issuing 1.4.10-1. Do I raise new bug reports?

On 14/01/12 12:18, Julien Cristau wrote:
> On Thu, Jan 12, 2012 at 22:55:10 +0000, Nicholas Bamber wrote:
>
>> Julien,
>> Comments below. What is the next step?
>>
> On http://security-tracker.debian.org/tracker/source-package/maradns I
> see three issues: CVE-2011-5055, CVE-2011-5056 and CVE-2012-0024. Which
> one is this fixing, and what's the status of the 2011-505* ones in
> unstable? They're listed as unfixed in the tracker.
>
> Cheers,
> Julien

--
Nicholas Bamber | http://www.periapt.co.uk/
PGP key 3BFFE73C from pgp.mit.edu