-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 05/11/2014 11:18 PM, Kristian Fiskerstrand wrote: > On 05/11/2014 10:43 PM, Kristian Fiskerstrand wrote: >> On 05/06/2014 02:55 PM, Jeremy T. Bouse wrote: >>> On 05/06/2014 05:08 AM, Kristian Fiskerstrand wrote: >>>> Dear lists, >>>> >>>> Following the release of SKS 1.1.5[0] the following changes >>>> will be made to the pools of sks-keyservers.net >>>> >>>> subset.pool.sks-keyservers.net has been set to a minimum >>>> requirement of SKS 1.1.5 with immediate effect. >>>> >>>> Due to CVE-2014-3207[1] I want to bump >>>> hkps.pool.sks-keyservers.net to a requirement of 1.1.5 as >>>> this can potentially be in another security context / zone, >>>> however I'm giving this a grace period of (at least) 45-60 >>>> days to allow server administrators to upgrade their >>>> servers. > >> In recognition of package-maintainers backporting the security >> fixes to older versions of SKS for stable systems I'm revising >> the latter statement a bit. I have now implemented a test for >> affected servers instead of relying on the version information. >> This is currently active, and non-patched servers in the HKPS >> pool should now show up with an orange flag for the HKPS column. > > > Adding to that, this would also keep servers that are protected due > to the reverse proxy configuration remaining.
As only one server was left in the HKPS pool that hasn't been updated to fix this issue (or behind a rprox protecting it for it), the procedures have now been activated to discard this server. As of now the HKPS pool should be safe for CVE-2014-3207. - -- - ---------------------------- Kristian Fiskerstrand Blog: http://blog.sumptuouscapital.com Twitter: @krifisk - ---------------------------- Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 - ---------------------------- "Excellence is not a singular act but a habit. You are what you do repeatedly." (Shaquille O'Neal) -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJTnMpkAAoJEPw7F94F4TagbFkP+wXnRmKov3KATlrsLjwb4jTY P2pcUJ6qtj2zTx+5avTainQ2UACQbW7SbufqEguDjrGgS6Uxb+cEeQpgKSG+5CG/ 7uECVtC4z//wbHuNDF3H9gaSwVZW/B4y8XsyS9Ib2+6sJDB5aMmw5vPHzZB56Oy1 hdWMgVfAS4NGYPWrgQOQiYZa6qOdxmftSAuTatP12u2CIiYyeCrVuFwqZEYx9fXD FE/ld98CFbojumknMgtoWO3HRlT/dQdKbaU0ENkg+m26g7fEWp8JECm4sqI/auf/ OGF4/VuZorHvD+liCjCutN7BwhBsHl29Ty0M+JXN5IvfP1Tru+q4Ak5oKxuR+k4j rXAb5BNL+OEei2BMSGo+Ptqnszj92DfIYAy8YQFjgHP89pHsZKM8ySgMWglz+wnD IXMClZkRrqRU/3kE3cFzqMTm6HIknKWQK+ebpuNSikQfemfZ/7f9wWIbAoSM1nhP Fj29Lkxq8qoaWNeNtCZyKLuwBGjQNEwuKE3RRNe8cEHGr9NJQ/jxlU4jxzi30YGv rMOggA+LKRf3DxWY0dzxkWJPGOXfYdCj+k2DkCX9LubhR/jM2LhJvCKgNsOVyuCJ GjD9OT8tV7dEHNHcVM7JdfHSso1xKogQU0x0qrfd0PH8+kO8HH0qGDKSRwbjeZsM PDgQ9b4icGqo6ooDm9pg =AEFb -----END PGP SIGNATURE----- _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel