El 29/07/08 a las 17:28, Bob Halley escribió: > > On 28 Jul 2008, at 09:50, Robert Edmonds wrote: > > > [ i am CC'ing the upstream author, Bob Halley. Bob, are you planning a > > fix to bring dnspython in line with forgery-resilience? ] > > I haven't been rushing to make a fix because dnspython is a stub resolver > (typically cacheless) and is thus not likely a profitable target. > > Having said that, I would like to strengthen it, but it will take a little > time since I'd like to improve the quality of the randomness as well. > Python's random() function is based on the Mersenne Twister, which is not > cryptographically strong. What's the timeframe for lenny?
Hello Bob,
While reviewing some bugs in Debian, I found this long-standing issue
about dnspython and CVE-2008-1447 ("the Kaminsky bug"):
https://bugs.debian.org/492465, and I wonder what is the current actual
status.
I see this as part of the changes introduced by 1.7.0 in 2009:
An entropy module has been added and is used to randomize query ids.
Could it be considered then safe to state that #492465 is fixed? If yes,
would it be from 1.7.0 (actually 1.7.1-1 in Debian) version?
Best regards,
-- Santiago
signature.asc
Description: PGP signature
