Control: retitle -1 knot: CVE-2017-11104: Improper TSIG validity period check can allow TSIG forgery

On Fri, Jun 23, 2017 at 07:01:49PM +0200, Salvatore Bonaccorso wrote:
> Source: knot
> Version: 2.4.3-1
> Severity: grave
> Tags: security upstream patch
> Control: found -1 2.5.1-1
> 
> Hi
> 
> See
> https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html
> and
> http://www.synacktiv.ninja/ressources/Knot_DNS_TSIG_Signature_Forgery.pdf
> and filing a bug in BTS to have a reference, afaik there is no CVE
> yet assigned.
> 
> [16:19] < KGB-1> Yves-Alexis Perez 52846  /data/CVE/list add temporary entry for knot
> [16:21] < Corsac> ondrej: I guess you know about it?
> 
> Please adjust the affected versions in the BTS as needed.

This now was assigned CVE-2017-11104.

Regards,
Salvatore
