$ zcat /usr/share/doc/djbdns/NEWS.Debian.gz |head
djbdns (1:1.05-6) unstable; urgency=medium

  CVE-2008-4392 reports 'Rapid DNS Poisoning in dnscache', the dnscache
  program included in djbdns-1.05. Upstream's comments on this can be
  read in http://cr.yp.to/djbdns/forgery.html

  The dbndns package, the Debian fork of djbdns, includes a patch that
  limits concurrent outgoing SOA queries to 20 instead 200 (MAXUDP) to
  make birthday attacks more difficult.

$ zcat /usr/share/doc/djbdns/changelog.Debian.gz |head
djbdns (1:1.05-6) unstable; urgency=medium

  * dbndns/diff/0004-dnscache.c-allow-a-maximum-of-20-concurrent...diff:
    new; dnscache.c: allow a maximum of 20 concurrent outgoing SOA
    queries (#516394).
  * debian/djbdns.NEWS.Debian: talk about the patch 0004-dnscache.c...
    being applied to the dbndns package.
  * debian/dnscache-run.postinst: restart dnscache on package upgrade.
  * debian/dbndns.README.Debian: document that patches 0003-...diff,
    0004-...dif are applied to dbndns.

$