Bug#653838: Inadequate source of entropy in recursive queries: maradns

2012-01-14 Thread Sam Trenholme
To add even more confusion: I did a final tweak to the hash compression function yesterday. TL;DR summary: Use MaraDNS 1.3.07.14, 1.4.10, any 2.0 release, or apply this patch to an older release of MaraDNS: http://maradns.org/download/patches/maradns-1.3-better_hash.patch Long summary: I made

Bug#653838: Inadequate source of entropy in recursive queries: maradns

2012-01-14 Thread Nicholas Bamber
I reckon there must be some confusion here. The description in CVE-2011-5056 does not match the link to Sam's blog. So I have no idea what is going on there. In any case if the attack vector is crafting authoritative DNS records, then the system would have to be compromised in other ways to make th

Bug#653838: Inadequate source of entropy in recursive queries: maradns

2012-01-14 Thread Julien Cristau
On Thu, Jan 12, 2012 at 22:55:10 +, Nicholas Bamber wrote: > Julien, > Comments below. What is the next step? > On http://security-tracker.debian.org/tracker/source-package/maradns I see three issues: CVE-2011-5055, CVE-2011-5056 and CVE-2012-0024. Which one is this fixing, and what's

Bug#653838: Inadequate source of entropy in recursive queries: maradns

2012-01-13 Thread Sam Trenholme
>> Shouldn't that go to stderr? > > Actually the stdout gets piped into a related logger process. I tried to have the logger thing to have two pipes open, one for stdout, another for stderr, and give things received on stderr a different log priority, but it didn't work. There is discussion on th

Bug#653838: Inadequate source of entropy in recursive queries: maradns

2012-01-13 Thread Sam Trenholme
It's really old code and I did a much better job of it the second time around. Also: I'm not 100% satisfied with this hash compression function, and will update it one last time for the MaraDNS 1 branch. - Sam 2012/1/12 Julien Cristau : > On Sun, Jan  1, 2012 at 17:52:21 +, Nicholas Bamber w

Bug#653838: Inadequate source of entropy in recursive queries: maradns

2012-01-12 Thread Nicholas Bamber
Julien, Comments below. What is the next step? On 12/01/12 21:40, Julien Cristau wrote: > On Sun, Jan 1, 2012 at 17:52:21 +, Nicholas Bamber wrote: > >> Julien, >> The attached file is a debdiff for 1.4.03-1.1 -> 1.4.03-1.2. I have not >> run an FTBS test on it but I wanted to k

Bug#653838: Inadequate source of entropy in recursive queries: maradns

2012-01-12 Thread Julien Cristau
On Sun, Jan 1, 2012 at 17:52:21 +, Nicholas Bamber wrote: > Julien, > The attached file is a debdiff for 1.4.03-1.1 -> 1.4.03-1.2. I have not > run an FTBS test on it but I wanted to know if I was on the right lines. > Looks basically ok, there's a couple oddities but I guess they're t

Bug#653838: Inadequate source of entropy in recursive queries: maradns

2012-01-03 Thread Julien Cristau
On Tue, Jan 3, 2012 at 19:33:31 +, Nicholas Bamber wrote: > Any feedback on this? > You'll get mail when there's feedback, no need to be impatient. Cheers, Julien

Bug#653838: Inadequate source of entropy in recursive queries: maradns

2012-01-03 Thread Nicholas Bamber
Any feedback on this? On 31/12/11 14:30, Nicholas Bamber wrote: > As per the attached email, I wonder if you would be interested in point > releases for the old versions of maradns to fix #653838 and what the > relevant timescales would be. > > There is also the question of unarchiving and fixing

Bug#653838: Inadequate source of entropy in recursive queries: maradns

2012-01-01 Thread Nicholas Bamber
Julien, The attached file is a debdiff for 1.4.03-1.1 -> 1.4.03-1.2. I have not run an FTBS test on it but I wanted to know if I was on the right lines. On 31/12/11 15:00, Julien Cristau wrote: > On Sat, Dec 31, 2011 at 14:30:04 +, Nicholas Bamber wrote: > >> As per the attached email

Bug#653838: Inadequate source of entropy in recursive queries: maradns

2011-12-31 Thread Nicholas Bamber
Julien, Thanks. That schedule seems relatively comfortable. On 31/12/11 15:00, Julien Cristau wrote: > On Sat, Dec 31, 2011 at 14:30:04 +, Nicholas Bamber wrote: > >> As per the attached email, I wonder if you would be interested in point >> releases for the old versions of maradns to

Bug#653838: Inadequate source of entropy in recursive queries: maradns

2011-12-31 Thread Julien Cristau
On Sat, Dec 31, 2011 at 14:30:04 +, Nicholas Bamber wrote: > As per the attached email, I wonder if you would be interested in point > releases for the old versions of maradns to fix #653838 and what the > relevant timescales would be. > Yes. The next (and last) lenny point release is planne

Bug#653838: Inadequate source of entropy in recursive queries: maradns

2011-12-31 Thread Nicholas Bamber
As per the attached email, I wonder if you would be interested in point releases for the old versions of maradns to fix #653838 and what the relevant timescales would be. There is also the question of unarchiving and fixing #584587 in the lenny version whilst we still have the chance. --- Begin M