|Summary:||dev-perl/Net-DNS < 0.60 cache poisoning and DoS (CVE-2007-3377, 3409)|
|Product:||Gentoo Security||Reporter:||Matt Drew (RETIRED) <aetius>|
|Component:||Vulnerabilities||Assignee:||Gentoo Security <security>|
|Whiteboard:||B3 [glsa] aetius|
|Package list:||Runtime testing required:||---|
Description Matt Drew (RETIRED) 2007-07-02 20:25:38 UTC
http://secunia.com/advisories/25829/ 0.60 is already in the tree, we should just need to stabilize it. Any objections to that before I call for stable?
Comment 1 Michael Cummings (RETIRED) 2007-07-07 11:56:26 UTC
(In reply to comment #0) > http://secunia.com/advisories/25829/ > > 0.60 is already in the tree, we should just need to stabilize it. Any > objections to that before I call for stable? > nope (that is, no objections)
Comment 2 Michael Cummings (RETIRED) 2007-07-09 15:50:13 UTC
Since this is security related, were you going to add the arch's? Or were you waiting for me to?
Comment 3 Matt Drew (RETIRED) 2007-07-12 13:20:23 UTC
done, I'm just slack. :\ Arches, please stabilize: dev-perl/net-dns-0.60 Thanks!
Comment 4 Gustavo Zacarias (RETIRED) 2007-07-12 13:29:10 UTC
sparc stable, and it's dev-perl/Net-DNS-0.60
Comment 5 Christian Faulhammer (RETIRED) 2007-07-12 15:15:05 UTC
Comment 6 Jeroen Roovers 2007-07-12 17:08:45 UTC
Stable for HPPA.
Comment 7 Raúl Porcel (RETIRED) 2007-07-12 18:17:36 UTC
Comment 8 Markus Rothe (RETIRED) 2007-07-12 18:32:20 UTC
Comment 9 Steve Dibb (RETIRED) 2007-07-13 00:37:25 UTC
Comment 10 Tobias Scherbaum (RETIRED) 2007-07-15 21:20:09 UTC
Comment 11 Pierre-Yves Rofes (RETIRED) 2007-07-15 21:23:11 UTC
Ready for glsa decision. DNS poisoning is not good, so voting yes.
Comment 12 Matt Drew (RETIRED) 2007-07-16 13:11:51 UTC
I'll also vote yes for the DNS cache poisoning, as this is a basic DNS protection mechanism that was not implemented. GLSA request filed.
Comment 13 Joshua Kinard 2007-08-06 02:34:54 UTC
Comment 14 Raphael Marichez (Falco) (RETIRED) 2007-08-11 22:04:06 UTC
it's GLSA 200708-06, thanks everybody and sorry for the delay. arm, s390; don't forget to mark stable in order to benefit from the GLSA.