[Secure-testing-commits] r17937 - data/CVE
Thijs Kinkhorst
thijs at alioth.debian.org
Sat Dec 31 12:48:27 UTC 2011
Author: thijs
Date: 2011-12-31 12:48:26 +0000 (Sat, 31 Dec 2011)
New Revision: 17937
Modified:
data/CVE/list
Log:
maradns hash randomization
maintainer is working on updates
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-12-31 12:21:50 UTC (rev 17936)
+++ data/CVE/list 2011-12-31 12:48:26 UTC (rev 17937)
@@ -1,3 +1,9 @@
+CVE-2011-XXXX (MaraDNS hash randomization)
+ - maradns <unfixed>
+ [squeeze] - maradns <no-dsa> (Minor issue)
+ [lenny] - maradns <no-dsa> (Minor issue)
+ NOTE: VU#903934
+ NOTE: a DoS that requires being able to do recursive queries. Allowing recursive queries to the general public is already a security issue to begin with, so this issue can better be addressed in a point update.
CVE-2011-5037 (Google V8 computes hash values for form parameters without restricting ...)
TODO: check
CVE-2011-5036 (Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes ...)
More information about the Secure-testing-commits
mailing list