On Sun 22/12/2019 00:44, Nam Nguyen wrote: > > There is a security fix with this update so consider committing this to > -stable. > > Details: > The changelog omits the details so I inferred that "[security] > Predictable TXID can lead to response forgeries" was the issue. > > "The miegkg/dns module was updated to version 1.1.26, that fixes a > security issue affecting non-encrypted/non-authenticated DNS traffic. In > dnscrypt-proxy, this only affects the forwarding feature." > > https://github.com/miekg/dns/pull/1044 > https://github.com/miekg/dns/issues/1043 > https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Forwarding > > Changelog: > https://github.com/DNSCrypt/dnscrypt-proxy/blob/2.0.36/ChangeLog > > This update is for dnscrypt-proxy 2.0.36, released December 21, > 2019. Tests are welcome.
I tested your update on amd64 current without any issues, and have committed it. Thank you! I think it is worth the effort to commit this update to 6.6 as well, and will do so tonight...unless someone objects.
