Your message dated Thu, 24 Jul 2008 23:04:52 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Re: Reassigning bugs from bind to bind9
has caused the Debian Bug report #442910,
regarding CVE-2007-2930: bind 8 DNS poisoning vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
442910: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=442910
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: bind
Version: 1:8.4.6-1
Severity: grave
Tags: security
Justification: user security hole
>From CVE-2007-2930:
The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8
before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing
queries such as NOTIFY messages when answering questions as a resolver, which
allows remote attackers to poison DNS caches via unknown vectors. NOTE: this
issue is different from CVE-2007-2926.
This is unfixed in sarge and etch.
--- End Message ---
--- Begin Message ---
Marco Rodrigues wrote:
>
> The bind package has been removed from Debian testing, unstable and
> experimental. I am reassigning its bugs to the bind9 package. Please
> have a look at them, and close them if they don't apply to
> bind9 anymore.
CVE-2007-2930 was specific to Bind 8 and doesn't affect Bind 9,
I'm closing this bug.
Cheers,
Moritz
--- End Message ---
