Hi Raphael. I'm over-committed trying to get the long-overdue 2.73 release of dnsmasq out at the moment, so if the LTS team could handle the Debian mechanics of this, that would really help me.
I can confirm that the patch which fixes the issue is here http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blobdiff;f=src/rfc1035.c;h=a995ab50d74adde068c8839684f9b3a44f4976d0;hp=7a07b0cee90655e296f57fa79f4d4a3a409b7b89;hb=ad4a8ff7d9097008d7623df8543df435bfddeac8;hpb=04b0ac05377936d121a36873bb63d492cde292c9 The are three hunks in that patch, and hunks 1 and 3 apply to 2.55. (the version in squeeze) Hunk 2 is rejected by patch: this can be ignored, it simply removes a check which is now done more completely at the start of the function. I hope that helps. Cheers, Simon. On 13/05/15 14:07, Raphael Hertzog wrote: > Hello Simon, > > the Debian LTS team would like to fix the security issues which are > currently open in the Squeeze version of dnsmasq: > https://security-tracker.debian.org/tracker/CVE-2015-3294 > (but there are other lower severities issues also open see > https://security-tracker.debian.org/tracker/source-package/dnsmasq) > > Would you like to take care of this yourself? We are still understaffed so > any help is always highly appreciated. > > If yes, please follow the workflow we have defined here: > http://wiki.debian.org/LTS/Development > > If that workflow is a burden to you, feel free to just prepare an > updated source package and send it to debian-lts@lists.debian.org--- > a/src/rfc1035.c +++ b/src/rfc1035.c @@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name, size_t setup_reply(struct dns_header *header, size_t qlen, struct all_addr *addrp, unsigned int flags, unsigned long ttl) { - unsigned char *p = skip_questions(header, qlen); + unsigned char *p; + + if (!(p = skip_questions(header, qlen))) + return 0; /* clear authoritative and truncated flags, set QR flag */ header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR; @@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen, SET_RCODE(header, NOERROR); /* empty domain */ else if (flags == F_NXDOMAIN) SET_RCODE(header, NXDOMAIN); - else if (p && flags == F_IPV4) + else if (flags == F_IPV4) { /* we know the address */ SET_RCODE(header, NOERROR); header->ancount = htons(1); @@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen, add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp); } #ifdef HAVE_IPV6 - else if (p && flags == F_IPV6) + else if (flags == F_IPV6) { SET_RCODE(header, NOERROR); header->ancount = htons(1); > (via a debdiff, or with an URL pointing to the the source package, > or even with a pointer to your packaging repository), and the members > of the LTS team will take care of the rest. Indicate clearly whether you > have tested the updated package or not. > > If you don't want to take care of this update, it's not a problem, we > will do our best with your package. Just let us know whether you would > like to review and/or test the updated package before it gets released. > > Thank you very much. > > Raphaël Hertzog, > on behalf of the Debian LTS team. > > PS: A member of the LTS team might start working on this update at > any point in time. You can verify whether someone is registered > on this update in this file: > https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup > -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/55550c34.9070...@thekelleys.org.uk
