[Secure-testing-commits] r9267 - data/CVE

fw at alioth.debian.org fw at alioth.debian.org
Wed Jul 9 08:55:34 UTC 2008


Author: fw
Date: 2008-07-09 08:55:33 +0000 (Wed, 09 Jul 2008)
New Revision: 9267

Modified:
   data/CVE/list
Log:
CVE-2008-1447: add more DNS implementations

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-07-08 23:15:14 UTC (rev 9266)
+++ data/CVE/list	2008-07-09 08:55:33 UTC (rev 9267)
@@ -3628,10 +3628,15 @@
 	RESERVED
 CVE-2008-1448
 	RESERVED
-CVE-2008-1447
+CVE-2008-1447 [lack of source port randomization in DNS resolvers]
 	RESERVED
 	{DSA-1603-1}
-	- bind9 1:9.5.0.dfsg-5
+	- bind9 1:9.5.0.dfsg-5 (high)
+	- glibc <unfixed> (medium)
+	- dnsmasq <unfixed> (medium)
+	- pdnsd <unfixed> (medium)
+	NOTE: Unbound and PowerDNS are affected by the underlying protocol issue, but
+	NOTE: already use source port randomization.
 CVE-2008-1446
 	RESERVED
 CVE-2008-1445 (Active Directory on Microsoft Windows 2000 Server SP4, XP Professional ...)




More information about the Secure-testing-commits mailing list