[Dnsmasq-discuss] Dnsmasq 2.75 on Ubuntu 16.04 crashes reproducibly

Albert ARIBAUD albert.aribaud at free.fr
Tue May 3 18:28:53 BST 2016


Hi Alexander,

On Tue, 3 May 2016 21:45:00 +0500
"Alexander E. Patrakov" <patrakov at gmail.com> wrote:

> 2016-05-03 20:37 GMT+05:00 Simon Kelley <simon at thekelleys.org.uk>:
> > I'm pretty sure that this is fixed in the current code.
> 
> It is indeed fixed in git! But distributions (including Ubuntu and
> Arch) are still distributing a vulnerable version and are probably
> unaware of it. Could you please apply for a CVE ID (if it doesn't
> already exist) so that they fix their packages?

A CVE ID? For a crash caused by a specific local name record which
clashes with the public one? What's the vulnerability or exposure here?

Besides, one cannot burden the author of some software with the
task of making sure it is up to date in distros -- unless of course he
happens to also be the package manager for some given distro, in
which case he could be held responsible for keeping that distro up to
date.

In the general case, some user (you for instance) should open a bug
report (not a CVE) to get the package updated.

Best regards,
-- 
Albert.


