tags 690075 + moreinfo thanks Hi Moritz,
Moritz Muehlenhoff wrote (09 Oct 2012 17:51:26 GMT) : > Please unblock package dnsmasq > It fixes CVE-2012-3411 > unblock dnsmasq/2.63-4 The new upstream version includes quite a few changes that are unrelated to the security fix, which probably partly explains why nobody reviewed the proposed changes yet. However, determining which exact set of patches should be backported from upstream to fix this issue is not trivial, and I guess that's why Moritz asks for the whole think to be unblocked: 54dd393 (Add --bind-dynamic) is obvious, but a few follow-up commits come to fix the problems brought by the initial implementation; at least these two ones seem needed: * 2b5bae9 -- Fall back from --bind-dynamic to --bind-interfaces in BSD, rather than quitting * 5f11b3e -- Cope with --listen-address for not yet existent addr in bind-dynamic mode ... and I would not bet that's enough. Simon, are you interested in listing the commits that are needed, on top of 2.62-3, to fix CVE-2012-3411 without breaking anything? Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
