Package: python-dnspython Version: 1.3.5-3.1 1.6.0-1 Severity: grave Tags: security
Hi, >From inspecting the code of dnspython, it seems that it is not using the recommended source port randomisation for countering the cache poisoning attack as discovered by Dan Kaminski and referenced as CVE-2008-1447. Could you please look into this and see whether updated packages can and should be created for etch/lenny/sid? thanks, Thijs -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.18-6-686 Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
