Re: squeeze update of dnsmasq?

To: Santiago Ruano Rincón <santiagorr@riseup.net>
Cc: debian-lts@lists.debian.org, 683372@bugs.debian.org
Subject: Re: squeeze update of dnsmasq?
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Sat, 16 May 2015 18:18:30 +0100
Message-id: <[🔎] 55577BE6.3030100@thekelleys.org.uk>
In-reply-to: <[🔎] 20150516102651.GA18031@novelo>
References: <[🔎] 20150513130738.GA9461@home.ouaza.com> <[🔎] 55550C34.9070007@thekelleys.org.uk> <[🔎] 20150515142430.GA3071@novelo> <[🔎] 20150516102651.GA18031@novelo>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256



On 16/05/15 11:26, Santiago Ruano Rincón wrote:
> Hi Simon,
> 
> On Fri, May 15, 2015 at 04:24:30PM +0200, Santiago Ruano Rincón
> wrote: ...
>> I'm attaching the clean patch to fix CVE-2015-3294.
> 
> These other CVEs are related each other and still affect dnsmasq
> in squeeze and wheeze: 
> https://security-tracker.debian.org/tracker/CVE-2012-3411 
> https://security-tracker.debian.org/tracker/CVE-2013-0198
> 
> As far as I understand, your fix to those bugs introduces the new 
> --bind-dynamic option in dnsmasq. This fix also depends on libvirt,
> that needs to be modified to pass --bind-dynamic instead of 
> --bind-interfaces. Please, correct me if I'm wrong.
> 
> Given that in Debian they have been classified as low priority, do
> you think it's worth to do adapt those changes into squeeze and
> wheeze?
> 

Your analysis is correct, and I think it's really not worth the
(large) amount of effort required.

Cheers,

Simon.


> Best regards,
> 
> Santiago
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJVV3vXAAoJEBXN2mrhkTWiKbQP/2mGC4ewKPjkdllfHaJOqhbE
eycI8mmdVCoyUHGrOOMi6yp985vG7S5tlePsZBTW5INOtSjtq16yqAhwUoy5cjdc
ax1K7iD5qoaQahNj5vlLCZ0/M/y0x452J6vlkjUlkNDnC76RKQrnjZpcoG83NMiK
tfb4rr6W6zuUObTO5U73y4lcM4gMMUp8YRUL9ibtpaBVaW/eCRBBc/i7sOaVTRCG
dKdBRh/XgcNo9a/gBAVYBiu6DeBxpBIHt16fXyoSJ/UzyvXpBO4jWUsmmIlZRw9j
t/lcqL0SQRRRUk2ATyZOSYb7pNgv7RstG7JaXRlSsrKK105xPkUOIvpoDoYyfbxU
/Nq+t4vokzIYLDFIDZO+LZ5qffqAMJEi+zHCWtqXo5CKiTnwDjUtuDu21v5Pz/wB
MQz2gNZfxiOmZoV2mgVwj7Hy471MHKP308pOe3jRfH/L09jwCAh/zFklKvjFA6/+
HfzOgziATtUO6rxWLDMd0FH6C0IINjsUP2EUtrG0ztEHkTg21OPzkHY4H5FUpKUb
YekWLEPBsFuWPkQfAIZlzF8cGvFL67MmWMY5C0Kpy71BDfvemC4GpHaZm9Eb7oN2
L8CuaqEWPH6vLDNGMa1NtCCl+nsOKW8U2x6rnimMV/+MaZsoe2Z19kIrP8WtmgJH
EhgXBERF1nfrU/4yQWJ6
=XVyZ
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: squeeze update of dnsmasq?
  - From: Santiago Ruano Rincón <santiagorr@riseup.net>

References:
- squeeze update of dnsmasq?
  - From: Raphael Hertzog <hertzog@debian.org>
- Re: squeeze update of dnsmasq?
  - From: Simon Kelley <simon@thekelleys.org.uk>
- Re: squeeze update of dnsmasq?
  - From: Santiago Ruano Rincón <santiagorr@riseup.net>
- Re: squeeze update of dnsmasq?
  - From: Santiago Ruano Rincón <santiagorr@riseup.net>

Prev by Date: Re: squeeze update of dnsmasq?
Next by Date: Re: squeeze update of dnsmasq?
Previous by thread: Re: squeeze update of dnsmasq?
Next by thread: Re: squeeze update of dnsmasq?
Index(es):
- Date
- Thread