On Mon, 05 Jan 2009 at 14:22:33 +0000, Simon Kelley wrote: > Simon McVittie wrote: >> Package: dnsmasq >> Version: 2.46-1 > > I got email from Colin which I acknowleged, and his fix is in the next > (upstream) dnsmasq release. It wasn't clear from his mail or from this > bug if there are implications for Lenny. It is necessary to update the > dnsmasq-2.45 package in Lenny?
Thanks, please close this bug in the appropriate version. We filed bugs for fdo-18961 because it wasn't entirely clear whether they blocked the release of the secure-by-default dbus version (in which case we'd have upgraded them to serious). In practice it seems that they're not RC and there's no need to backport this to lenny. Testing dnsmasq 2.45's D-Bus functionality with a version of D-Bus where CVE-2008-4311 has been fixed (see <http://lists.debian.org/debian-devel/2009/01/msg00082.html>) would be very useful; I've done some trivial testing on a freshly installed lenny laptop, but you know what's meant to happen much better than I do! In the unlikely event that it turns out to have regressions, please escalate this bug to serious, and coordinate with me or pkg-utopia to get it suitably tagged and fixed before we push the secure-by-default version of dbus. Thanks, Simon
signature.asc
Description: Digital signature
