Please backport CVE-2017-13704 fix from dnsmasq 2.78 to 2.76 for Newton cloud-archive
Bug #1741271 reported by
James Denton
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Ubuntu Cloud Archive |
Fix Released
|
High
|
Unassigned | ||
| Newton |
Invalid
|
Undecided
|
Unassigned | ||
| Ocata |
Invalid
|
Undecided
|
Unassigned | ||
Bug Description
CVE-2017-13704 was addressed in dnsmasq-2.78, but has not been backported to a dnsmasq release available to the cloud archive(s). Would it be possible to address this, especially for >= Newton?
CVE References
| Changed in cloud-archive: | |
| status: | New → Triaged |
| importance: | Undecided → High |
| information type: | Public → Public Security |
| Changed in cloud-archive: | |
| status: | Triaged → Fix Released |
Revision history for this message
| Corey Bryant (corey.bryant) wrote | #1 |
Revision history for this message
| James Denton (james-denton) wrote | #2 |
To post a comment you must log in.
Hi James,
It appears CVE-2017-13704 is a regression that was introduced in dnsmasq 2.77. This is noted in a few places, such as:
https:/
https:/
For now I'm going to close this as invalid, however if you find that this issue does affect versions prior to 2.77, please re-open this bug and set the status to New.
Thanks,
Corey