Re: golang-go.crypto / CVE-2019-11841

2020-09-08 Thread Ola Lundqvist
Hi Brian, I agree with you about the hash part (the main part of it) of this CVE. In fact this CVE is about two different things. If gnupg does hash validation I think go should do the same. I was referring to the second part of the vulnerability described in "Moreover, since...". Now when I read ab

Regarding package pdns-recursor in Stretch

2020-09-08 Thread Dominik Dausch
Dear LTS Team, we are using pdns-recursor as our default DNS recursor on all our systems. Starting with Stretch-lts it seems the package disappeared and our preseed installer is not working anymore to install new Debian 9 systems (which we still need sometimes). Is there a reason why this packag

Re: Regarding package pdns-recursor in Stretch

2020-09-08 Thread Sylvain Beucler
Hello, Security support for pdns-recursor ended at 2020-05. https://www.debian.org/security/2020/dsa-4691 AFAICS it used to be present in stretch, but it was decided to remove it around 2020-07 for this reason: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961270 https://bugs.debian.org/cgi-b

Re: golang-go.crypto / CVE-2019-11841

2020-09-08 Thread Brian May
Ola Lundqvist writes:
> I agree with you about the hash part (the main part of it) of this CVE. In fact this CVE is about two different things. If gnupg does hash validation I think go should do the same.

It concerns me that we have marked CVE-2019-11841 as resolved in bullseye and sid, and we

golang-1.7 / CVE-2019-9514 / CVE-2019-9512

2020-09-08 Thread Brian May
Looking at: https://security-tracker.debian.org/tracker/CVE-2019-9512 https://security-tracker.debian.org/tracker/CVE-2019-9514 Under "golang-1.7" release stretch it says "vulnerable". But in the notes, there is: [stretch] - golang-1.7 (Minor issue) Why? Anyway, as this was marked as minor f