[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: squeeze update of dnsmasq?

On Sat, May 16, 2015 at 12:26:51PM +0200, Santiago Ruano Rincón wrote:
> Hi Simon,
> On Fri, May 15, 2015 at 04:24:30PM +0200, Santiago Ruano Rincón wrote:
> ...
> > I'm attaching the clean patch to fix CVE-2015-3294.
> These other CVEs are related each other and still affect dnsmasq in
> squeeze and wheeze:
> https://security-tracker.debian.org/tracker/CVE-2012-3411
> https://security-tracker.debian.org/tracker/CVE-2013-0198
> As far as I understand, your fix to those bugs introduces the new
> --bind-dynamic option in dnsmasq. This fix also depends on libvirt, that
> needs to be modified to pass --bind-dynamic instead of
> --bind-interfaces. Please, correct me if I'm wrong.
> Given that in Debian they have been classified as low priority, do you
> think it's worth to do adapt those changes into squeeze and wheeze?

Note: libvirt has not support by Squeeze LTS

Attachment: signature.asc
Description: Digital signature

Reply to: