The new high-quality random generator was not used for all random numbers, especially in source port selection. This means that 3.1.5 is still a lot more secure than 3.1.4 was, and its algorithms more secure than most other nameservers, but it also means 3.1.5 is not as secure as it could be. A quick upgrade is recommended. Discovered by Thomas Biege of Novell (SUSE), fixed in commit 1179.
Arches, please test and mark stable:
Target keywords : "amd64 x86"
amd64 stable, all arches done.
I would vote Yes like we previously did on other cache-poisoning vulnerabilities.
refer to GLSA 200804-22
YES, request filed
This should be an erratum as it was reported fixed by bug #215567 / GLSA 200804-22.