Your message dated Sun, 14 Sep 2008 16:36:51 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Issue fixed by 3.1.4-1+etch1
has caused the Debian Bug report #493576,
regarding pdns-server: CVE-2008-3217 ( PowerDNS Recursor before 3.1.6 does not
always use the strongest random number generator... )
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
493576: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493576
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: pdns-server
Version: 2.9.21-6
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for pdns-server.
CVE-2008-3217[0]:
| PowerDNS Recursor before 3.1.6 does not always use the strongest
| random number generator for source port selection, which makes it
| easier for remote attack vectors to conduct DNS cache poisoning.
NOTE:
| this is related to incomplete integration of security improvements
| associated with addressing CVE-2008-1637.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3217
http://security-tracker.debian.net/tracker/CVE-2008-3217
Kind regards,
Thomas.
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
This bug doesn't warrant a new upload fixing it in the 'changelog' file.
The issue has apparently been fixed already in revision 3.1.4-1+etch1. So
I'm closing this bug.
Christoph
signature.asc
Description: This is a digitally signed message part.
--- End Message ---
