On Fri, Dec 04, 2020 at 12:13:02PM +0100, mj wrote: > Hi, > > I am wondering about the SAD DNS vulnerability, and wether or not it is > solved in up-to-date debian 10.6. > > https://blog.kernelcare.com/vulnerability/kernelcare-patches-for-sad-dns-are-on-the-way > > It says, bottom of the page, that fixes are scheduled to in week 48 for > debian and ubuntu. > > However, I haven't seen any kernel updates. > > Anyone with more information? (or pointers where to look for more > debian-specific info) > The Debian Security Tracker shows the status of the associated CVE in Debian:
https://security-tracker.debian.org/tracker/CVE-2020-25705 Essentially, the fix is in testing/unstable but has yet to reach stable and oldstable. Regards, -Roberto -- Roberto C. Sánchez