
Bug#690075: unblock: dnsmasq/2.63-4



tags 690075 + moreinfo
thanks

Hi Moritz,

Moritz Muehlenhoff wrote (09 Oct 2012 17:51:26 GMT) :
> Please unblock package dnsmasq
> It fixes CVE-2012-3411
> unblock dnsmasq/2.63-4

The new upstream version includes quite a few changes that are
unrelated to the security fix, which probably partly explains why
nobody reviewed the proposed changes yet.

However, determining which exact set of patches should be backported
from upstream to fix this issue is not trivial, and I guess that's why
Moritz asks for the whole thing to be unblocked:

54dd393 (Add --bind-dynamic) is obvious, but a few follow-up commits
come to fix the problems brought by the initial implementation; at
least these two ones seem needed:

 * 2b5bae9 -- Fall back from --bind-dynamic to --bind-interfaces in
   BSD, rather than quitting
 * 5f11b3e -- Cope with --listen-address for not yet existent addr in
   bind-dynamic mode

... and I would not bet that's enough.

Simon, are you interested in listing the commits that are needed,
on top of 2.62-3, to fix CVE-2012-3411 without breaking anything?

Cheers,
--
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc

