Received: from localhost (unknown [200.46.204.183])
	by postgresql.org (Postfix) with ESMTP id 0AEC765032F
	for <pgsql-www-postgresql.org@postgresql.org>;
	Fri, 25 Jul 2008 12:26:08 -0300 (ADT)
Received: from postgresql.org ([200.46.204.86])
	by localhost (mx1.hub.org [200.46.204.183]) (amavisd-maia, port 10024)
	with ESMTP id 10733-03 for <pgsql-www-postgresql.org@postgresql.org>;
	Fri, 25 Jul 2008 12:25:56 -0300 (ADT)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from lists.commandprompt.com (host-159.commandprompt.net
	[207.173.203.159])
	by postgresql.org (Postfix) with ESMTP id B85EF650259
	for <pgsql-www@postgresql.org>; Fri, 25 Jul 2008 12:25:56 -0300 (ADT)
Received: from [192.168.1.5] (or-69-34-217-90.sta.embarqhsd.net
 [69.34.217.90])
	(authenticated bits=0)
	by lists.commandprompt.com (8.13.8/8.13.8) with ESMTP id m6PFSNfQ001290
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Fri, 25 Jul 2008 08:28:24 -0700
Subject: Re: Insecure DNS servers on PG infrastructure
From: "Joshua D. Drake" <jd@commandprompt.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: pgsql-www@postgresql.org
In-Reply-To: <26210.1216998123@sss.pgh.pa.us>
References: <26210.1216998123@sss.pgh.pa.us>
Content-Type: text/plain
Organization: Command Prompt, Inc.
Date: Fri, 25 Jul 2008 08:26:01 -0700
Message-Id: <1216999561.16378.7.camel@jd-laptop>
Mime-Version: 1.0
X-Mailer: Evolution 2.22.3.1 
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0
	(lists.commandprompt.com [207.173.203.159]);
	Fri, 25 Jul 2008 08:28:25 -0700 (PDT)
X-Virus-Scanned: Maia Mailguard 1.0.1
X-Spam-Status: No, hits=0 tagged_above=0 required=5 tests=none
X-Spam-Level: 
X-Archive-Number: 200807/132
X-Sequence-Number: 15562

On Fri, 2008-07-25 at 11:02 -0400, Tom Lane wrote:
> I just noted that cvs.postgresql.org and svr1.postgresql.org are not
> running the latest bind release, which means that they are vulnerable to
> the DNS cache poisoning attack recently discovered by Dan Kaminsky.
> Vixie and co think this is a pretty big deal, so folks might want to
> update sooner rather than later.
> 	http://www.kb.cert.org/vuls/id/800113

Dave and Magnus are on vacation. I believe the only other people that
would have access to those boxes are Stefan and Marc. I have pinged
Stefan.

Joshua D. Drake

-- 
The PostgreSQL Company since 1997: http://www.commandprompt.com/ 
PostgreSQL Community Conference: http://www.postgresqlconference.org/
United States PostgreSQL Association: http://www.postgresql.us/
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate