* Gerrit Pape:
Hi, this seems to be a misunderstanding. I'm asking about the bug
http://bugs.debian.org/518169
in djbdns (fix is available since four months), and not the git-core
package.
On Fri, Jul 10, 2009, Florian Weimer wrote:
[something about http://bugs.debian.org/516394]
A
On sneon 11 July 2009, Gerrit Pape wrote:
On Fri, Jul 10, 2009, Florian Weimer wrote:
[something about http://bugs.debian.org/516394]
A misunderstanding again, I'm asking about the bug
http://bugs.debian.org/518169
The packages I prepared for stable are available since more than four
On Thu, Jul 02, 2009 at 08:22:04PM +0200, Nico Golde wrote:
Hi,
* Thijs Kinkhorst th...@debian.org [2009-07-02 20:08]:
On tiisdei 30 Juny 2009, Gerrit Pape wrote:
While we wait for who knows how long, I suggest we get the fix for
#518169 into stable; packages still are available
Hi,
* Gerrit Pape p...@smarden.org [2009-07-03 13:53]:
On Thu, Jul 02, 2009 at 08:22:04PM +0200, Nico Golde wrote:
Hi,
* Thijs Kinkhorst th...@debian.org [2009-07-02 20:08]:
On tiisdei 30 Juny 2009, Gerrit Pape wrote:
While we wait for who knows how long, I suggest we get the fix for
On tiisdei 30 Juny 2009, Gerrit Pape wrote:
While we wait for who knows how long, I suggest we get the fix for
#518169 into stable; packages still are available through
http://niequai.smarden.org/ruGho2e/
Hi, I don't understand why the confirmed fix for the reproducible bug
with security
Hi,
* Thijs Kinkhorst th...@debian.org [2009-07-02 20:08]:
On tiisdei 30 Juny 2009, Gerrit Pape wrote:
While we wait for who knows how long, I suggest we get the fix for
#518169 into stable; packages still are available through
http://niequai.smarden.org/ruGho2e/
Hi, I don't
On Wed, Mar 25, 2009 at 04:52:02PM +, Gerrit Pape wrote:
On Tue, Mar 24, 2009 at 09:18:24PM +0100, Florian Weimer wrote:
* Gerrit Pape:
AFAIK from private discussion, the Debian security team doesn't agree
with my assessment. I don't know what their plans are for stable.
I still
On Tue, Mar 24, 2009 at 09:18:24PM +0100, Florian Weimer wrote:
* Gerrit Pape:
The attack under discussion is a bruteforce attack.
No, it's not, it's about 100 times faster than brute force.
We're discussing the birthday attack. A birthday attack is a special
type of brute force attack.
Package: djbdns
Followup-For: Bug #516394
Not sure if any of the previous reporters actually read
http://cr.yp.to/djbdns/forgery.html , but it occurs to me as if this
problem is a problem in the current DNS protocol that cannot be
prevented *at all*. However, it can be made significantly harder
On Tue, Mar 24, 2009 at 08:04:33AM +0100, Soeren Sonnenburg wrote:
Not sure if any of the previous reporters actually read
http://cr.yp.to/djbdns/forgery.html , but it occurs to me as if this
problem is a problem in the current DNS protocol that cannot be
prevented *at all*. However, it can be
* Gerrit Pape:
The attack under discussion is a bruteforce attack.
No, it's not, it's about 100 times faster than brute force.
o Don't apply a patch against the djbdns binary package, but document the
fact more prominently. In fact it's already documented for years by
upstream, and again
11 matches
Mail list logo
