Your message dated Fri, 01 Feb 2013 22:32:04 +0000 with message-id <e1u1p9q-0003zu...@franck.debian.org> and subject line Bug#665012: fixed in maradns 1.4.03-1.1+squeeze1 has caused the Debian Bug report #665012, regarding CVE-2012-1570: maradns deleted domain record cache persistance flaw to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 665012: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665012 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: maradns Severity: serious Tags: security -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It was reported that MaraDNS suffers from a flaw where it is susceptible to spoofing attacks. Due to an error in the cache update policy, which does not properly handle revoked domain names, a remote attacker could keep a domain name resolvable after it has been deleted from the registration. This flaw is fixed in versions 1.3.0.7.15 and 1.4.12, and is reported to affect all prior versions. References: http://www.maradns.org/changelog.html https://secunia.com/advisories/48492/ https://bugzilla.redhat.com/show_bug.cgi?id=804770 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAk9q/sIACgkQNxpp46476arqDQCfSFeWlawN7py9L5lKIE+xR1ix ATIAn0DxeHe7ugtuET2C9uHbJcAkIwkz =Pu/Y -----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---Source: maradns Source-Version: 1.4.03-1.1+squeeze1 We believe that the bug you reported is fixed in the latest version of maradns, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 665...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jonathan Wiltshire <j...@debian.org> (supplier of updated maradns package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 01 Feb 2013 16:31:00 +0000 Source: maradns Binary: maradns Architecture: source amd64 Version: 1.4.03-1.1+squeeze1 Distribution: stable Urgency: low Maintainer: Kai Hendry <hen...@iki.fi> Changed-By: Jonathan Wiltshire <j...@debian.org> Description: maradns - Simple security-focused Domain Name Service server Closes: 665012 Changes: maradns (1.4.03-1.1+squeeze1) stable; urgency=low . * Non-maintainer upload. * Backport fix from upstream for CVE-2012-1570 (deleted domain record cache persistence flaw). Closes: #665012 Checksums-Sha1: 73daa5197e21d3904428d37e164810f3c711364b 1665 maradns_1.4.03-1.1+squeeze1.dsc 2dd254e3e9f205a2dfeaa4e76fe7d0328216224e 24282 maradns_1.4.03-1.1+squeeze1.diff.gz e7eef2eb1521ec952920c8269acceab0842e4fbb 1365414 maradns_1.4.03-1.1+squeeze1_amd64.deb Checksums-Sha256: eea0840a1b7d87a8c513dc987bb67dfa6c731fd3ee0658893defd47de79c9737 1665 maradns_1.4.03-1.1+squeeze1.dsc b80ac756314ee7976895479a1a73bdbcac70bb5afa41153404a955457abac805 24282 maradns_1.4.03-1.1+squeeze1.diff.gz f28827649c01015939669d1c69d4c1de0bfdffd5350e88063a7bb494df7a3935 1365414 maradns_1.4.03-1.1+squeeze1_amd64.deb Files: 8ac0f020b088d4be09d157682c6a03ae 1665 net extra maradns_1.4.03-1.1+squeeze1.dsc 4c096bd1b2acba2fb1ae0aee1256ba9f 24282 net extra maradns_1.4.03-1.1+squeeze1.diff.gz 79215f2d3fd8c81aa6c406c05b0b9c01 1365414 net extra maradns_1.4.03-1.1+squeeze1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJRDAGRAAoJEFC7AtTIpr9hl3QP/R3yWBdD/Pth5VQkgADFfFPv bSvQ8oGldKZo6Bg0NaaRNRkd4G80FUJh+02eNubfQSXbDk1xVg/0SYawLDx17xIr wCMQGqo8DxTAr5dXCRmYiqgTWdbXW2VOi2khR5zN1zwqNfj2/DNwDOVwjCI4EO3P 9CU38LC7Bp5ymVarCVvvnawHTc4UZDzO/gml/Tao6GVNhYhx8/ERMhG3SgUzm1NS 1PK0KpJw7UYI+py0A1dELJ1Efkriq4CsZnvIYHWlwWKRpXQwNvhgLOnNBaay0NYU lO0QpQibbe78L5s996sQSrWg6EeRElg2ilmfrNiu69DJW36WoAcotb8ajAGY5S2B MT7xXmPu9ouXe7q9H8/0QF/tNeDV9LJXALAatRXlKwi1bzGSH5eNk+EDOBigE5T2 JyOWkvNo0V7ooyks29VKPcT5iYc0Z2FSklz0repC62iLfXf8cMe6rW1BaVHwefp3 SZIcF3vc5drqX38Yvvl6xmAjcI+1yrzc4QPOrLlE36NdYOFRM/1XKoSdRzt4F0tU aEYUm8JOi+/lzflUFfFH52pldxk9JoSIdoIG9yiMY70264Wrpu0TYYfcbe+O7lkU vzZgQQW6Ws7+77jFloC6EzglZoohXI27ys1djVNrpgI0A/k3Kr7IxVHpXUkk04Cs FsLNyI/6f40EhwUjVjMt =GekI -----END PGP SIGNATURE-----
--- End Message ---
