Re: squeeze update of dnsmasq?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 16/05/15 11:26, Santiago Ruano Rincón wrote:
> Hi Simon,
>
> On Fri, May 15, 2015 at 04:24:30PM +0200, Santiago Ruano Rincón
> wrote: ...
>> I'm attaching the clean patch to fix CVE-2015-3294.
>
> These other CVEs are related each other and still affect dnsmasq
> in squeeze and wheeze:
> https://security-tracker.debian.org/tracker/CVE-2012-3411
> https://security-tracker.debian.org/tracker/CVE-2013-0198
>
> As far as I understand, your fix to those bugs introduces the new
> --bind-dynamic option in dnsmasq. This fix also depends on libvirt,
> that needs to be modified to pass --bind-dynamic instead of
> --bind-interfaces. Please, correct me if I'm wrong.
>
> Given that in Debian they have been classified as low priority, do
> you think it's worth to do adapt those changes into squeeze and
> wheeze?
>
Your analysis is correct, and I think it's really not worth the
(large) amount of effort required.
Cheers,
Simon.
> Best regards,
>
> Santiago
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJVV3vXAAoJEBXN2mrhkTWiKbQP/2mGC4ewKPjkdllfHaJOqhbE
eycI8mmdVCoyUHGrOOMi6yp985vG7S5tlePsZBTW5INOtSjtq16yqAhwUoy5cjdc
ax1K7iD5qoaQahNj5vlLCZ0/M/y0x452J6vlkjUlkNDnC76RKQrnjZpcoG83NMiK
tfb4rr6W6zuUObTO5U73y4lcM4gMMUp8YRUL9ibtpaBVaW/eCRBBc/i7sOaVTRCG
dKdBRh/XgcNo9a/gBAVYBiu6DeBxpBIHt16fXyoSJ/UzyvXpBO4jWUsmmIlZRw9j
t/lcqL0SQRRRUk2ATyZOSYb7pNgv7RstG7JaXRlSsrKK105xPkUOIvpoDoYyfbxU
/Nq+t4vokzIYLDFIDZO+LZ5qffqAMJEi+zHCWtqXo5CKiTnwDjUtuDu21v5Pz/wB
MQz2gNZfxiOmZoV2mgVwj7Hy471MHKP308pOe3jRfH/L09jwCAh/zFklKvjFA6/+
HfzOgziATtUO6rxWLDMd0FH6C0IINjsUP2EUtrG0ztEHkTg21OPzkHY4H5FUpKUb
YekWLEPBsFuWPkQfAIZlzF8cGvFL67MmWMY5C0Kpy71BDfvemC4GpHaZm9Eb7oN2
L8CuaqEWPH6vLDNGMa1NtCCl+nsOKW8U2x6rnimMV/+MaZsoe2Z19kIrP8WtmgJH
EhgXBERF1nfrU/4yQWJ6
=XVyZ
-----END PGP SIGNATURE-----
Reply to: