Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 184029

Summary: dev-perl/Net-DNS < 0.60 cache poisoning and DoS (CVE-2007-3377, 3409)
Product: Gentoo Security Reporter: Matt Drew (RETIRED) <aetius>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: perl
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.net-dns.org/docs/Changes.html
Whiteboard: B3 [glsa] aetius
Package list:
Runtime testing required: ---

Description Matt Drew (RETIRED) gentoo-dev 2007-07-02 20:25:38 UTC
http://secunia.com/advisories/25829/

0.60 is already in the tree, we should just need to stabilize it.  Any objections to that before I call for stable?
Comment 1 Michael Cummings (RETIRED) gentoo-dev 2007-07-07 11:56:26 UTC
(In reply to comment #0)
> http://secunia.com/advisories/25829/
> 
> 0.60 is already in the tree, we should just need to stabilize it.  Any
> objections to that before I call for stable?
> 

nope (that is, no objections)

Comment 2 Michael Cummings (RETIRED) gentoo-dev 2007-07-09 15:50:13 UTC
Since this is security related, were you going to add the arch's? Or were you waiting for me to?
Comment 3 Matt Drew (RETIRED) gentoo-dev 2007-07-12 13:20:23 UTC
done, I'm just slack. :\

Arches, please stabilize:

dev-perl/net-dns-0.60

Thanks!
Comment 4 Gustavo Zacarias (RETIRED) gentoo-dev 2007-07-12 13:29:10 UTC
sparc stable, and it's dev-perl/Net-DNS-0.60
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2007-07-12 15:15:05 UTC
x86 stable
Comment 6 Jeroen Roovers gentoo-dev 2007-07-12 17:08:45 UTC
Stable for HPPA.
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2007-07-12 18:17:36 UTC
alpha/ia64 stable
Comment 8 Markus Rothe (RETIRED) gentoo-dev 2007-07-12 18:32:20 UTC
ppc64 stable
Comment 9 Steve Dibb (RETIRED) gentoo-dev 2007-07-13 00:37:25 UTC
amd64 stable
Comment 10 Tobias Scherbaum (RETIRED) gentoo-dev 2007-07-15 21:20:09 UTC
ppc stable
Comment 11 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-07-15 21:23:11 UTC
Ready for glsa decision. DNS poisoning is not good, so voting yes.
Comment 12 Matt Drew (RETIRED) gentoo-dev 2007-07-16 13:11:51 UTC
I'll also vote yes for the DNS cache poisoning, as this is a basic DNS protection mechanism that was not implemented.  GLSA request filed.
Comment 13 Joshua Kinard gentoo-dev 2007-08-06 02:34:54 UTC
mips stable.
Comment 14 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-08-11 22:04:06 UTC
it's GLSA 200708-06, thanks everybody and sorry for the delay.

arm, s390; don't forget to mark stable in order to benefit from the GLSA.