Hi Simon, On Fri, May 15, 2015 at 04:24:30PM +0200, Santiago Ruano Rincón wrote: ... > I'm attaching the clean patch to fix CVE-2015-3294.
These other CVEs are related each other and still affect dnsmasq in squeeze and wheeze: https://security-tracker.debian.org/tracker/CVE-2012-3411 https://security-tracker.debian.org/tracker/CVE-2013-0198 As far as I understand, your fix to those bugs introduces the new --bind-dynamic option in dnsmasq. This fix also depends on libvirt, that needs to be modified to pass --bind-dynamic instead of --bind-interfaces. Please, correct me if I'm wrong. Given that in Debian they have been classified as low priority, do you think it's worth to do adapt those changes into squeeze and wheeze? Best regards, Santiago
signature.asc
Description: Digital signature
