Bug 233217 - dev-python/pydns < 2.3.2 DNS cache poisoning (CVE-2008-1447)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High trivial
Assignee: Gentoo Security
URL: http://sourceforge.net/project/showno...
Whiteboard: ~3 [noglsa]
Reported: 2008-07-29 02:43 UTC by Robert Buchholz (RETIRED)
Modified: 2008-09-12 14:00 UTC
Description Robert Buchholz (RETIRED) gentoo-dev 2008-07-29 02:43:17 UTC
CVE-2008-1447 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1447):
  The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1,
  9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and
  SP3, and Server 2003 SP1 and SP2; and other implementations allow remote
  attackers to spoof DNS traffic via certain cache poisoning techniques against
  recursive resolvers, related to insufficient randomness of DNS transaction
  IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability."
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-07-29 02:45:32 UTC
Upstream writes:
Most use cases for pydns are unaffected by the recently publicized DNS spoofing attack, because pydns only knows how to talk to a local nameserver (localhost, LAN, or ISP). It doesn't even know how to do a full query starting with the root nameservers. But, just in case someone wants to add the features needed for a caching nameserver, we now do port randomization just like bind. As before, the python-pydns packages match the system python version. The pydns packages use an arbitrary python version (2.4 by default). 
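
The two sources of entropy named in the CVE text (transaction ID and source port), plus the matching check a stub resolver should apply to replies, as an added Python 3 example placed after comment 1; it is not pydns code and not part of any comment. The function names and the port range are assumptions chosen for illustration.

```python
import secrets
import socket
import struct

PORT_LOW, PORT_HIGH = 1024, 65535  # assumed unprivileged range for source ports


def build_query(name, qtype=1):
    """Return (txid, packet) for a recursive query with a CSPRNG transaction ID."""
    txid = secrets.randbelow(1 << 16)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, 1)  # class IN


def open_random_port_socket(bind_addr="0.0.0.0", attempts=20):
    """Bind a UDP socket to an unpredictable source port, retrying on collisions."""
    for _ in range(attempts):
        port = PORT_LOW + secrets.randbelow(PORT_HIGH - PORT_LOW + 1)
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        try:
            sock.bind((bind_addr, port))
            return sock
        except OSError:
            sock.close()  # port busy or not permitted: draw another one
    raise OSError("no free source port found")


def response_matches(query, txid, server, reply, sender):
    """Accept a reply only if sender, transaction ID, QR bit and question match."""
    if sender != server or len(reply) < len(query):
        return False
    rid, flags, qdcount = struct.unpack("!HHH", reply[:6])
    if rid != txid or not flags & 0x8000 or qdcount != 1:
        return False
    # Names compare case-insensitively; type and class must match exactly.
    q, r = query[12:], reply[12:len(query)]
    return r[:-4].lower() == q[:-4].lower() and r[-4:] == q[-4:]
```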
Comment 2 Stefan Briesenick (RETIRED) gentoo-dev 2008-09-12 13:55:28 UTC
version 2.3.3 in CVS.
Comment 3 Stefan Briesenick (RETIRED) gentoo-dev 2008-09-12 13:57:36 UTC
sorry for closing. ;)

security herd should decide what to do with this bug now.
Comment 4 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-09-12 14:00:19 UTC
(In reply to comment #3)
> sorry for closing. ;)
> 
> security herd should decide what to do with this bug now.

No problem here, since it has no stable keywords, it may be closed directly.