-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Fri, 07 Mar 2008 22:17:33 +0100 Source: libnet-dns-perl Binary: libnet-dns-perl Architecture: source amd64 Version: 0.59-1etch1 Distribution: stable-security Urgency: high Maintainer: Florian Hinzmann <fh@debian.org> Changed-By: Florian Weimer <fw@deneb.enyo.de> Description: libnet-dns-perl - Perform DNS queries from a Perl script Closes: 457445 Changes: libnet-dns-perl (0.59-1etch1) stable-security; urgency=high . * Malformed A records could lead to a Perl exception and program crash (CVE-2007-6341). Closes: #457445. * A very weak random number generator was used for transaction IDs (CVE-2007-3377). Perl's rand() is used in the patch against this vulnerability--it is initialized from /dev/urandom, but the underlying LCG has only got 48 bits of state, so at the very least, a brute-force attack is still possible if an attacker has got three subsequently generated transaction IDs. * The Perl implementation of dn_expand could recurse infinitely (CVE-2007-3409). (On Debian systems, the C version is typically used.) Files: 97a61f446273f49c42348334f5cc9ba8 915 perl optional libnet-dns-perl_0.59-1etch1.dsc d3408875f34e5fa0a313a4a21c70e832 137998 perl optional libnet-dns-perl_0.59.orig.tar.gz bfbdf3851e092853756b78e648b5af29 7584 perl optional libnet-dns-perl_0.59-1etch1.diff.gz ac599d5c037f6488e039887081d4d93b 252906 perl optional libnet-dns-perl_0.59-1etch1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBR9HHAb97/wQC1SS+AQKbNgf+MsUMd8TmleXs57Jnjmts57VThIfhcyWY yYaHHPw/VXbO7bvA/Ts+Y4KeMbfpzsWB7PPXxhCLMbwsoUkwre7FaDuy5FJOUuBp yCPItusH3krpKGnJTPB8sPCbIISk0bLFjairg3ybTKMoLQ2Ok3nv0nVbmwxXD6E3 rJHPHqfP6KmYt2imEocGZEI+chqdOKX4eYo5wv3b/HRJHyoDzW1HiREz2VJRAwE/ JD4XMcfotwCPRChU8nR1xAuiA5DPQWhgx2x+8v/eYve6CSe+yWJrgQ6s0xkf0CTX oo4cE72rYmyPeXy88mjYx/v99p3ygRcT3473PPH4HLm3PDPxOuo7Uw== =a+2f -----END PGP SIGNATURE----- Accepted: libnet-dns-perl_0.59-1etch1.diff.gz to pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.59-1etch1.diff.gz libnet-dns-perl_0.59-1etch1.dsc to pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.59-1etch1.dsc libnet-dns-perl_0.59-1etch1_amd64.deb to pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.59-1etch1_amd64.deb