On Sat, May 16, 2015 at 12:26:51PM +0200, Santiago Ruano Rincón wrote: > Hi Simon, > > On Fri, May 15, 2015 at 04:24:30PM +0200, Santiago Ruano Rincón wrote: > ... > > I'm attaching the clean patch to fix CVE-2015-3294. > > These other CVEs are related each other and still affect dnsmasq in > squeeze and wheeze: > https://security-tracker.debian.org/tracker/CVE-2012-3411 > https://security-tracker.debian.org/tracker/CVE-2013-0198 > > As far as I understand, your fix to those bugs introduces the new > --bind-dynamic option in dnsmasq. This fix also depends on libvirt, that > needs to be modified to pass --bind-dynamic instead of > --bind-interfaces. Please, correct me if I'm wrong. > > Given that in Debian they have been classified as low priority, do you > think it's worth to do adapt those changes into squeeze and wheeze? Note: libvirt has not support by Squeeze LTS
Attachment:
signature.asc
Description: Digital signature