On Thu, 2017-10-05 at 19:33 +0200, Guido Günther wrote: > Hi Ben, > On Thu, Oct 05, 2017 at 05:31:09PM +0100, Ben Hutchings wrote: > > I've prepared a security update for dnsmasq in wheezy, fixing the > > relevant CVEs: > > > > * CVE-2017-14491: DNS heap buffer overflow > > * CVE-2017-14492: DHCPv6 RA heap overflow > > * CVE-2017-14494: Infoleak handling DHCPv6 forwarded requests > > * CVE-2017-14496: Integer underflow in DNS response creation > > > > I checked that the package builds cleanly, the daemon runs and answers > > DNS requests. But I'm not familiar with this package so I would > > appreciate some wider testing before uploading. > > > > The updated source and amd64 binaries are available under > > <https://people.debian.org/~benh/packages/wheezy-security/>. > > I did some testing of the dnsmasq-base package runnig as dhcp provider > as spawned by libvirt and it still works as expected. Thanks. Ben. -- Ben Hutchings - Debian developer, member of kernel, installer and LTS teams
Attachment:
signature.asc
Description: This is a digitally signed message part