clone 499433 -1
retitle -1 pdnsd does not randomize source ports by default
severity -1 grave
tags -1 security
thanks

> No it's not. This bug is about packaging a new upstream, which is a
> no-go at this point of the freeze.

As you wish.

> > It is fixed in 1.2.7-par according to
> > http://secunia.com/advisories/31847/.
> This is again NOT an option.

I fully support this point. Nevertheless the issue must be fixed.
Fortunately this is easy: The default value is query_port_start=0, which
effectively lets the kernel choose source ports (sequentially). Shipping a
new config file with query_port_start=1024 solves the issue (verified on
sid/amd64 and etch/i386). Additionally I suggest a critical debconf question
in case this value is not found in an unchanged configuration file.

Affected distributions include etch, lenny and sid.

Helmut
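
Added example (not part of the message above and not code from the pdnsd package): a shell check that an audit or maintainer script could run over a pdnsd config to detect the case described, where query_port_start is absent or 0. It assumes the `option=value;` syntax with `#` and `//` line comments and does not handle `/* */` block comments; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Hypothetical helper names; config syntax is an assumption (see lead-in).

# Read a pdnsd config on stdin and print the last query_port_start value
# (prints nothing if the option is not set).
pdnsd_query_port_start() {
    # Drop "#" and "//" line comments, split statements onto their own
    # lines, then extract the value of the last assignment.
    sed -e 's/#.*$//' -e 's|//.*$||' |
        tr ';{}' '\n\n\n' |
        sed -n 's/^[[:space:]]*query_port_start[[:space:]]*=[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/p' |
        tail -n 1
}

# Return 0 if a non-zero port range start is configured, 1 if the option is
# absent or 0 (the kernel then chooses source ports, per the message above),
# 2 if the value is not a number.
pdnsd_port_audit() {
    val=$(pdnsd_query_port_start < "$1")
    case "$val" in
        ''|0)
            echo "WARN: query_port_start=${val:-unset} in $1: kernel chooses source ports"
            return 1 ;;
        *[!0-9]*)
            echo "UNKNOWN: query_port_start=$val in $1"
            return 2 ;;
        *)
            echo "OK: query_port_start=$val in $1"
            return 0 ;;
    esac
}

# Constructed sample config: the option is only present as a comment,
# so the default of 0 applies.
sample=$(mktemp)
cat > "$sample" <<'EOF'
global {
	perm_cache=2048;
	# query_port_start=1024;
}
EOF
pdnsd_port_audit "$sample" || echo "-> ship a config with query_port_start=1024"
rm -f "$sample"
```
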