[Dnsmasq-discuss] DNSpooq v2.80 backport patch
Simon Kelley
simon at thekelleys.org.uk
Fri Jan 29 23:11:05 UTC 2021
On 28/01/2021 17:48, Dave M wrote:
> Hi all,
>
> The DNSpooq disclosure contains a total of 7 CVEs.
>
> Can someone confirm that the patch backport for v2.80 published
> at http://www.thekelleys.org.uk/dnsmasq/dnspooq-patches/2.80-dnspooq.patch.v2 addresses all
> of them?
>
> I guess the preferred option is an upgrade to v2.84 but I'm working on
> an embedded system currently running v2.80 so applying the patch alone
> requires less regression testing for a quick turnaround. We will work on
> a full upgrade to v2.84 later but we want to handle this sooner than later.
>
> Dave
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
The patch does address all seven CVEs. Note that there's a second
version of the patch, at
http://www.thekelleys.org.uk/dnsmasq/dnspooq-patches/2.80-dnspooq.patch.v2
which 1) fixes a regression seen in 2.83 and 2) was created with the
correct flags to patch, so the new file src/hash_questions.c is included.
Cheers,
Simon.
More information about the Dnsmasq-discuss
mailing list