Upstream here. It's a six-line patch:
http://maradns.org/download/patches/security/maradns-1.4.11-ghostdomain.patch
This should not be too difficult to apply.
Also, the security report is somewhat inaccurate. Both MaraDNS and
Deadwood were never vulnerable to the Ghost Domain bug as described
Package: maradns
Dear maintainer,
Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:
squeeze (6.0.7) -
Package: maradns
Severity: serious
Tags: security
It was reported that MaraDNS suffers from a flaw where it is susceptible to
spoofing attacks. Due to an error in the cache update policy, which
does not properly handle revoked domain names, a remote
Upstream here:
Here are the affected versions of MaraDNS:
All MaraDNS 0 releases (Do NOT use; not maintained)
All MaraDNS 1.0 releases (Do NOT use; not maintained)
All MaraDNS 1.1 releases (Do NOT use; not maintained)
All MaraDNS 1.2 releases (Do NOT use; not maintained)
All MaraDNS 1.3 releases