Processed: bookworm-pu: package dnsmasq/2.90-4~deb12u1

Discussion:

(too old to reply)

Debian Bug Tracking System

2024-08-28 19:40:01 UTC

affects -1 + src:dnsmasq

Bug #1079941 [release.debian.org] bookworm-pu: package dnsmasq/2.90-4~deb12u1
Added indication that 1079941 affects src:dnsmasq

--
1079941: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1079941
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems

Salvatore Bonaccorso

2024-12-30 20:20:01 UTC

Permalink

Hi,

Hi,
these three CVEs are now fixed in buster and bullseye. This means users who
upgrade to bookworm will be vulnerable to those issues again. Can we get a
decision from the release team on this bug? Is there any information missing
to make a decision?

What is the status on this?

Lee, I have not looked at all the changes between the current bookworm
version and trixie, but you might need to bake-out changes not
suitable for bookworm.

The alternative is actually to otherwise do a new upstream version
import on top of the current packaging. Looking in particular on the
2.90-1 changelog there might be much packaging overhaul as well.

Hope that helps. I think it will now be too late for 12.9 in a few
days but ideally those CVE fixes are landing for 12.10.

Regards,
Salvatore

Adam D Barratt

2025-01-04 17:50:02 UTC

Permalink

package release.debian.org
tags 1079941 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: dnsmasq
Version: 2.90-4~deb12u1

Explanation: fix denial of service issues [CVE-2023-50387 CVE-2023-50868]; set default maximum EDNS.0 UDP packet size to 1232 [CVE-2023-28450]

Debian Bug Tracking System

2025-01-04 17:50:02 UTC

Permalink

Post by Adam D Barratt
package release.debian.org

Limiting to bugs with field 'package' containing at least one of 'release.debian.org'
Limit currently set to 'package':'release.debian.org'

Post by Adam D Barratt
tags 1079941 = bookworm pending

Bug #1079941 [release.debian.org] bookworm-pu: package dnsmasq/2.90-4~deb12u1
Added tag(s) pending.

Post by Adam D Barratt
thanks

Stopping processing here.

Please contact me if you need assistance.

--
1079941: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1079941
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems

Paul Gevers

2025-01-07 07:10:01 UTC

Permalink

Hi,

On Sat, 04 Jan 2025 17:43:31 +0000 Adam D Barratt

Post by Adam D Barratt
Upload details
==============
Package: dnsmasq
Version: 2.90-4~deb12u1
Explanation: fix denial of service issues [CVE-2023-50387 CVE-2023-50868]; set default maximum EDNS.0 UDP packet size to 1232 [CVE-2023-28450]

The upload triggers an autopkgtest regression in vagrant [1]. Can you
please have a look how serious that is?

Paul

[1] https://ci.debian.net/packages/v/vagrant/stable/amd64/56113136/