linux.debian.changes
[Top] [All Lists]
<prev [Date] next>
Google
 
<prev [Thread] next>

Accepted libnet-dns-perl 0.59-1etch1 (source amd64)

from [Florian Weimer]
Subject: Accepted libnet-dns-perl 0.59-1etch1 (source amd64)
From: Florian Weimer <fw@xxxxxxxxxxxxx>
Date: Sat, 26 Jul 2008 12:30:33 +0200
Newsgroups: linux.debian.changes 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 07 Mar 2008 22:17:33 +0100
Source: libnet-dns-perl
Binary: libnet-dns-perl
Architecture: source amd64
Version: 0.59-1etch1
Distribution: stable-security
Urgency: high
Maintainer: Florian Hinzmann <fh@xxxxxxxxxx>
Changed-By: Florian Weimer <fw@xxxxxxxxxxxxx>
Description: 
 libnet-dns-perl - Perform DNS queries from a Perl script
Closes: 457445
Changes: 
 libnet-dns-perl (0.59-1etch1) stable-security; urgency=high
 .
   * Malformed A records could lead to a Perl exception and program crash
     (CVE-2007-6341).  Closes: #457445.
   * A very weak random number generator was used for transaction IDs
     (CVE-2007-3377).
     Perl's rand() is used in the patch against this vulnerability--it is
     initialized from /dev/urandom, but the underlying LCG has only got 48
     bits of state, so at the very least, a brute-force attack is still
     possible if an attacker has got three subsequently generated
     transaction IDs.
   * The Perl implementation of dn_expand could recurse infinitely
     (CVE-2007-3409).  (On Debian systems, the C version is typically
     used.)
Files: 
 97a61f446273f49c42348334f5cc9ba8 915 perl optional 
libnet-dns-perl_0.59-1etch1.dsc
 d3408875f34e5fa0a313a4a21c70e832 137998 perl optional 
libnet-dns-perl_0.59.orig.tar.gz
 bfbdf3851e092853756b78e648b5af29 7584 perl optional 
libnet-dns-perl_0.59-1etch1.diff.gz
 ac599d5c037f6488e039887081d4d93b 252906 perl optional 
libnet-dns-perl_0.59-1etch1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBR9HHAb97/wQC1SS+AQKbNgf+MsUMd8TmleXs57Jnjmts57VThIfhcyWY
yYaHHPw/VXbO7bvA/Ts+Y4KeMbfpzsWB7PPXxhCLMbwsoUkwre7FaDuy5FJOUuBp
yCPItusH3krpKGnJTPB8sPCbIISk0bLFjairg3ybTKMoLQ2Ok3nv0nVbmwxXD6E3
rJHPHqfP6KmYt2imEocGZEI+chqdOKX4eYo5wv3b/HRJHyoDzW1HiREz2VJRAwE/
JD4XMcfotwCPRChU8nR1xAuiA5DPQWhgx2x+8v/eYve6CSe+yWJrgQ6s0xkf0CTX
oo4cE72rYmyPeXy88mjYx/v99p3ygRcT3473PPH4HLm3PDPxOuo7Uw==
=a+2f
-----END PGP SIGNATURE-----


Accepted:
libnet-dns-perl_0.59-1etch1.diff.gz
  to pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.59-1etch1.diff.gz
libnet-dns-perl_0.59-1etch1.dsc
  to pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.59-1etch1.dsc
libnet-dns-perl_0.59-1etch1_amd64.deb
  to pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.59-1etch1_amd64.deb


-- 
To UNSUBSCRIBE, email to debian-changes-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Accepted libnet-dns-perl 0.59-1etch1 (source amd64), Florian Weimer <=
Previous by Date:  Accepted php4 6:4.4.4-8+etch6 (source all amd64), Sean Finney
Next by Date:  Accepted hal 0.5.8.1-9etch1 (source i386 all), Michael Biebl
Previous by Thread:  Accepted php4 6:4.4.4-8+etch6 (source all amd64), Sean Finney
Next by Thread:  Accepted hal 0.5.8.1-9etch1 (source i386 all), Michael Biebl
Indexes:  [Date] [Thread] [Top] [All Lists]