Bug#1079941: bookworm-pu: package dnsmasq/2.90-4~deb12u1
Hi,
On Sun, Dec 01, 2024 at 10:14:16PM +0100, Lee Garrett wrote:
> Hi,
>
> these three CVEs are now fixed in buster and bullseye. This means users who
> upgrade to bookworm will be vulnerable to those issues again. Can we get a
> decision from the release team on this bug? Is there any information missing
> to make a decision?
What is the status on this?
Lee, I have not looked at all the changes between the current bookworm
version and trixie, but you might need to bake-out changes not
suitable for bookworm.
The alternative is actually to otherwise do a new upstream version
import on top of the current packaging. Looking in particular on the
2.90-1 changelog there might be much packaging overhaul as well.
Hope that helps. I think it will now be too late for 12.9 in a few
days but ideally those CVE fixes are landing for 12.10.
Regards,
Salvatore
Reply to: