On 2025-11-02 03:30, Olle E. Johansson wrote: > > >> On 1 Nov 2025, at 04:00, Solar Designer <[email protected]> wrote: >> >> CVEs against dnsmasq (CVE-2025-12198, CVE-2025-12199, CVE-2025-12200) >> and Kamailio (CVE-2025-12204, CVE-2025-12205, CVE-2025-12206, and >> CVE-2025-12207) mentioned in this thread are not yet disputed and have >> no comments of this sort in their descriptions.
I asked VulDB to mark the dnsmasq CVE IDs as disputed. > As part of the Kamailio project I can say that we did just become aware > of these CVEs in your email. They do not make sense. Trying to get to > the report, the config files used to provoke the issue can’t be downloaded. > > If you have access to edit the config files, there are much more simple > ways to cause damage than to provoke a problem in the config file parser. > > We will have an internal discussion but that will likely lead to the > project disputing these CVEs. Hello Olle! I was going to do o the same for the Kamailio CVE IDs but defer to the project's decision. If you do decide to dispute, the first request should go to VulDB: https://www.cve.org/PartnerInformation/ListofPartners/partner/VulDB (I accidentally asked the MITRE CNA-LR first.) Regards, - Art
