On Fri, 2017-06-23 at 19:01 +0200, Salvatore Bonaccorso wrote: > Source: knot > Version: 2.4.3-1 > Severity: grave > Tags: security upstream patch > Control: found -1 2.5.1-1 > > Hi > > See > https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html > and > http://www.synacktiv.ninja/ressources/Knot_DNS_TSIG_Signature_Forgery.pdf > and filling a bug in BTS to have a reference, afaik there is no CVE > yet assigned. > > [16:19] < KGB-1> Yves-Alexis Perez 52846 /data/CVE/list add temporary entry > for knot > [16:21] < Corsac> ondrej: I guess you know about it?
I went ahead and uploaded fixes to jessie and stretch. I've also pushed my branches to https://anonscm.debian.org/cgit/users/corsac/security/knot.git/ in case you want to reimport them. Regards, -- Yves-Alexis
signature.asc
Description: This is a digitally signed message part
