On 2/24/2016 03:35, Kristian Fiskerstrand wrote: > On 02/24/2016 10:19 AM, Mire, John wrote: > >> The gossip, queries and stats traffic is not a problem, according >> to Security, what they were questioning me about was the queries to >> the server flagging CVE-2014-3207 as a concern. I had to look up >> this vuln and couldn't answer their questions. I know I'm running >>> = 1.1.5 so I don't have to worry. So if there are scripts being >> run against the server that should be whitelisted, it's not >> documented anywhere they could find, including the wiki and the >> associated links for source. > Heh, > > Yeah, that'd be one of mine. SKS 1.1.5 is not affected, but there > possible server mitigations for lower versions so simple test is made: > > https://git.sumptuouscapital.com/?p=sks-keyservers-pool.git;a=blob;f=sks-keyservers.net/status-srv/test_cve-2014-3207.sh;h=a4a959e67461cf2d68c23ed5a5dd161d693d87eb;hb=HEAD > > Thanks! I'll forward that to them. /john
-- John Mire: jm...@lsuhsc.edu LSU Health System _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel