[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1079941: bookworm-pu: package dnsmasq/2.90-4~deb12u1



Hi,

On Sun, Dec 01, 2024 at 10:14:16PM +0100, Lee Garrett wrote:
> Hi,
> 
> these three CVEs are now fixed in buster and bullseye. This means users who
> upgrade to bookworm will be vulnerable to those issues again. Can we get a
> decision from the release team on this bug? Is there any information missing
> to make a decision?

What is the status on this?

Lee, I have not looked at all the changes between the current bookworm
version and trixie, but you might need to bake-out changes not
suitable for bookworm. 

The alternative is actually to otherwise do a new upstream version
import on top of the current packaging. Looking in particular on the
2.90-1 changelog there might be much packaging overhaul as well.

Hope that helps. I think it will now be too late for 12.9 in a few
days but ideally those CVE fixes are landing for 12.10.

Regards,
Salvatore


Reply to: