Dear Security Team, CVE-2008-4392 has "Candidate" status and is being reviewed for almost three years now, and still must accepted by the CVE Editorial Board[0].
Why, after so many years, Debian Security Team, after a clear statement from prof. Bernstain[1], without confirmation of this rumour from CVE Editorial Board, still blocks djbdns software from the society? Attackers with an access to the network are able to forge DNS responses, and if we treat is as a bug, we must remove all DNS cache software from Debian ASAP. Thanks, Serge [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4392 [1] http://cr.yp.to/djbdns/forgery.html -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
