Comment 1 for bug 399012

djbdns (1:1.05-2ubuntu0.1) intrepid-security; urgency=low

  * SECURITY UPDATE: Matthew Dempsky discovered that Daniel J. Bernstein's
    djbdns, a Domain Name System server, does not constrain offsets in the
    required manner, which allows remote attackers with control over a
    third-party subdomain served by tinydns and axfrdns, to trigger DNS
    responses containing arbitrary records via crafted zone data for this
    subdomain. (LP: #399012)
    - CVE-2009-0858
    - http://shinobi.dempsky.org/~matthew/djbdns-bug/patch

 -- Andreas Moog <email address hidden> Mon, 13 Jul 2009 22:55:59 +0200