CVE-2019-19794: The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.
CVE-2019-19794: The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.
1 issue skipped by the security teams:
CVE-2017-15133: A denial of service flaw was found in miekg-dns before 1.0.4. A remote attacker could use carefully timed TCP packets to block the DNS server from accepting new connections.
CVE-2019-19794: The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.
Please fix it.
Standards version of the package is outdated.
wishlist
The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.5.0 instead of
4.4.1).
Migration status for golang-github-miekg-dns (1.0.4+ds-1 to 1.1.26-1): Waiting for test results, another package or too young (no action required now - check later)
![[bug history graph]](https://qa.debian.org/data/bts/graphs/g/golang-github-miekg-dns.png){kind=link}