[Pkg-dns-devel] Bug#865678: Bug#865678: knot: Improper TSIG validity period check can allow TSIG forgery

Ondřej Surý ondrej at sury.org
Sat Jul 15 05:20:56 UTC 2017


Thanks for the upload. I didn't give it a very high priority as there was 
an easy fix using ACLs and I had a rough plan to fix it during next week.

Cheers, Ondřej


On 14 July 2017 22:12:11 Yves-Alexis Perez <corsac at debian.org> wrote:

> On Fri, 2017-06-23 at 19:01 +0200, Salvatore Bonaccorso wrote:
>> Source: knot
>> Version: 2.4.3-1
>> Severity: grave
>> Tags: security upstream patch
>> Control: found -1 2.5.1-1
>>
>> Hi
>>
>> See
>> https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html
>> and
>> http://www.synacktiv.ninja/ressources/Knot_DNS_TSIG_Signature_Forgery.pdf
>> and filing a bug in BTS to have a reference, afaik there is no CVE
>> yet assigned.
>>
>> [16:19] < KGB-1> Yves-Alexis Perez 52846  /data/CVE/list add temporary entry
>> for knot
>> [16:21] < Corsac> ondrej: I guess you know about it?
>
> I went ahead and uploaded fixes to jessie and stretch. I've also pushed my
> branches to https://anonscm.debian.org/cgit/users/corsac/security/knot.git/ in
> case you want to reimport them.
>
> Regards,
> --
> Yves-Alexis