Your message dated Mon, 02 Oct 2017 15:06:17 +0000 with message-id <e1dz2it-0006zi...@fasolo.debian.org> and subject line Bug#877102: fixed in dnsmasq 2.78-1 has caused the Debian Bug report #877102, regarding dnsmasq: CVE-2017-13704: Size parameter overflow via large DNS query to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 877102: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877102 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: dnsmasq Version: 2.77-1 Severity: grave Tags: upstream patch security fixed-upstream Hi, the following vulnerability was published for dnsmasq. CVE-2017-13704[0]: Size parameter overflow via large DNS query If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-13704 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13704 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1495510 [2] http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q3/011729.html [3] http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=63437ffbb58837b214b4b92cb1c54bc5f3279928 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: dnsmasq Source-Version: 2.78-1 We believe that the bug you reported is fixed in the latest version of dnsmasq, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 877...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Simon Kelley <si...@thekelleys.org.uk> (supplier of updated dnsmasq package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 29 Sep 2017 21:34:00 +0000 Source: dnsmasq Binary: dnsmasq dnsmasq-base dnsmasq-utils Architecture: source amd64 all Version: 2.78-1 Distribution: unstable Urgency: high Maintainer: Simon Kelley <si...@thekelleys.org.uk> Changed-By: Simon Kelley <si...@thekelleys.org.uk> Description: dnsmasq - Small caching DNS proxy and DHCP/TFTP server dnsmasq-base - Small caching DNS proxy and DHCP/TFTP server dnsmasq-utils - Utilities for manipulating DHCP leases Closes: 877102 Changes: dnsmasq (2.78-1) unstable; urgency=high . * New upstream. Security fixes for CVE-2017-13704 (closes: #877102) Security fixes for CVE-2017-14491 - CVE-2017-14496 inclusive. Checksums-Sha1: 84b733865043b051a6e7c3c6303a3aa52c728d52 1876 dnsmasq_2.78-1.dsc 366529ef41ebd9b815730a84243a568a28f2fa6b 708951 dnsmasq_2.78.orig.tar.gz 95fdebe265d58ff3967abe851cb98d17ce0be2e9 23286 dnsmasq_2.78-1.diff.gz 1e129a71537822a0af250c889d2eace705d4fc32 425820 dnsmasq-base_2.78-1_amd64.deb 06368c68f0c8546ef834e736a764578dc73e4092 23606 dnsmasq-utils_2.78-1_amd64.deb deb8c75668e2fbde25f3b8bb1bbeb9f83f6ae732 16030 dnsmasq_2.78-1_all.deb 25f81ef2ce859747443e1309deeaeb01f6332bc0 5476 dnsmasq_2.78-1_amd64.buildinfo Checksums-Sha256: 109def97f274f2bf1c1742ecb5636f03a6de52fadef8bb4e3a9114a5fb48a1ab 1876 dnsmasq_2.78-1.dsc 7c835dc81b834839c061a7e88eeba74650c643e00809179af90e5062f7b0ab88 708951 dnsmasq_2.78.orig.tar.gz 8d5aa548877fc84842dc7019cc73574516a8533720f343420fc7da23b78a4cca 23286 dnsmasq_2.78-1.diff.gz d671bf5b8fe836f3fe3b245520b16628fd510ea6eb61c1ff555775733e039f89 425820 dnsmasq-base_2.78-1_amd64.deb affafdaf8de7651484a11c57923df55ee5556ddf88eeda48b1f3932e754c36db 23606 dnsmasq-utils_2.78-1_amd64.deb 30354a7711c6d25eb60caa4be9b04435ff8c531fbf6dbb3e669814a361ffef04 16030 dnsmasq_2.78-1_all.deb 193ac7e61016ae3dfe4b7ecf00164b20c72637078a439e0a68a176a148b44426 5476 dnsmasq_2.78-1_amd64.buildinfo Files: 728ed894d77cc4d2c3b3d7d4b74c3ec1 1876 net optional dnsmasq_2.78-1.dsc b643bc41f414c195a958e6c73b4fb33a 708951 net optional dnsmasq_2.78.orig.tar.gz 91557fbbe6a8dc3d628ca9f13a1d5e3b 23286 net optional dnsmasq_2.78-1.diff.gz d7f37bfd196fc7e1ccb8a4ca7e6d7655 425820 net optional dnsmasq-base_2.78-1_amd64.deb 4c511f05733febd1800b0ffe7504754d 23606 net optional dnsmasq-utils_2.78-1_amd64.deb 3182677d8c1caf16d445709716ded863 16030 net optional dnsmasq_2.78-1_all.deb c7d047931d0c695a7a3894ded1f32ab1 5476 net optional dnsmasq_2.78-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE1urL1u5GuDQkjRESFc3aauGRNaIFAlnSQd0ACgkQFc3aauGR NaLNtw//SSWbYgXxqmExFpjFG+G7jrbfzX/AZbMkGOe2+0KtKZRz9ZaZvQ7tpov2 JnDVDwuH1yU2d9pdVj1NNbqpMWVFjwy/2fbPjDoOEPa75Q5r1WAqYz0VoepJV5QQ e/3oh+usD4e7k2tTTmK5yU14X6yD7z4kUuIxRM3teDkZ7T0uSuHotDEvcHiTs2yZ DOAmzRfvzBgNuKsAlpNLK8CBfWk+Uj+D4KnF+54sEU2cjYEv1xm16GAasrZdnzLr W3sA+8prnLEyiHG0mw8d6f2ALMKPto1GTkL3EJRiqGkLCSj2ce41UWbm4VpI1W6U WgcuPih53R7aMqBRmHJjGdKWI3BLVqYkK4oQQq1/+RpVcHzL3Tpl0j4EQzLQ93Dp TjFGIcKYHH1Bd++HWmI0i+dvPAQEAh8XTeXOEMh/HmM0+MjF/0hlLPP/ExVgyNIq Jgnfk9iyk5Cy+nToUnSm3Jk8x5AdJ9mPxlhGb06Xj63r6olkRDI4hyU0DOIVcpgW CjPgED7jaOz8vFNRhZww1ZjWFMvO9lIKLd71dhigdsRlV/ucGvLFU+tcoIqIumAk kU6nLWNH6KvT4i0gkWDp6mVToDyfR7Zo1msnEsLesyTPK/PSCYC4SqNhfdzUSlGy y473+4Xb3ZmR2A32/UphI1Wn3/hZwZOdDdcQSNKMS4P3UcPciFg= =kVsC -----END PGP SIGNATURE-----
--- End Message ---
