Date: Tue, 24 Nov 2009 13:21:57 -0500 (EST) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: coley <coley@...re.org> Subject: Re: a new bind issue I'm going to defer this assignment to MITRE. I suspect they've gotten a number of requests for this one already (I want to avoid a duplicate assignment). Thanks. -- JB ----- "Oden Eriksson" <oeriksson@...driva.com> wrote: > Hello. > > A new bind release is out there, it mentions: > > "It addresses a potential cache poisoning vulnerability, in which data > in the > additional section of a response could be cached without proper DNSSEC > > validation." > > "2772. [security] When validating, track whether pending data > was from > the additional section or not and only return > it if > validates as secure. [RT #20438]" > > > A CVE should probably be assigned. > > > -- > Regards // Oden Eriksson > Security team manager - Mandriva
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.