* Luk Claes: > Gerrit Pape wrote: >> On Thu, Oct 01, 2009 at 10:28:35PM +0200, Luk Claes wrote: >>> Any reason why there was no upload for this security issue to unstable yet? >> >> Hi, I made my position as the maintainer of the package clear in >> >> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=516394#36 >> >> and some private discussions with the security team. In my opinion the >> issue is fixed sufficiently in unstable and testing, and the same >> changes should go into stable. I offered to prepare the packages, but >> the security team declined > > It seems that the security team does not agree that the bug is > sufficiently fixed or do they (in Cc)?
djbdns should not be part of squeeze until it is properly hardened against cache poisoning. It is between 100 and 200 times easier than with other DNS servers. This hasn't got to do much with bug 516394, though. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
