dnsmasq: CVE-2017-15107

Related Vulnerabilities: CVE-2017-15107  

Debian Bug report logs - #888200
dnsmasq: CVE-2017-15107


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 23 Jan 2018 21:21:02 UTC

Severity: important

Tags: patch, security, upstream

Found in version dnsmasq/2.78-1

Fixed in version dnsmasq/2.79-1

Done: Simon Kelley <simon@thekelleys.org.uk>

Bug is archived. No further changes may be made.

Forwarded to http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Simon Kelley <simon@thekelleys.org.uk>:
Bug#888200; Package src:dnsmasq. (Tue, 23 Jan 2018 21:21:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Simon Kelley <simon@thekelleys.org.uk>. (Tue, 23 Jan 2018 21:21:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: dnsmasq: CVE-2017-15107
Date: Tue, 23 Jan 2018 22:18:40 +0100
Source: dnsmasq
Version: 2.78-1
Severity: important
Tags: patch security upstream
Forwarded: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html

Hi,

the following vulnerability was published for dnsmasq.

CVE-2017-15107[0]:
| A vulnerability was found in the implementation of DNSSEC in Dnsmasq
| up to and including 2.78. Wildcard synthesized NSEC records could be
| improperly interpreted to prove the non-existence of hostnames that
| actually exist.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-15107
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15107
[1] http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html
[2] http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=4fe6744a220eddd3f1749b40cac3dfc510787de6

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Reply sent to Simon Kelley <simon@thekelleys.org.uk>:
You have taken responsibility. (Mon, 26 Mar 2018 10:03:16 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 26 Mar 2018 10:03:16 GMT)


Message #10 received at 888200-close@bugs.debian.org:

From: Simon Kelley <simon@thekelleys.org.uk>
To: 888200-close@bugs.debian.org
Subject: Bug#888200: fixed in dnsmasq 2.79-1
Date: Mon, 26 Mar 2018 10:00:14 +0000
Source: dnsmasq
Source-Version: 2.79-1

We believe that the bug you reported is fixed in the latest version of
dnsmasq, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 888200@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon Kelley <simon@thekelleys.org.uk> (supplier of updated dnsmasq package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Fri, 16 Feb 2018 19:54:22 +0000
Source: dnsmasq
Binary: dnsmasq dnsmasq-base dnsmasq-base-lua dnsmasq-utils
Architecture: source amd64 all
Version: 2.79-1
Distribution: unstable
Urgency: low
Maintainer: Simon Kelley <simon@thekelleys.org.uk>
Changed-By: Simon Kelley <simon@thekelleys.org.uk>
Description:
 dnsmasq    - Small caching DNS proxy and DHCP/TFTP server
 dnsmasq-base - Small caching DNS proxy and DHCP/TFTP server
 dnsmasq-base-lua - Small caching DNS proxy and DHCP/TFTP server
 dnsmasq-utils - Utilities for manipulating DHCP leases
Closes: 833596 884347 887764 888200 891315
Changes:
 dnsmasq (2.79-1) unstable; urgency=low
 .
    * New upstream. (closes: #888200)
    * Fix trust-anchor regex in init script. (closes: #884347)
    * Fix exit code for dhcp_release6 (closes: #833596)
    * Add project homepage to control file. (closes: #887764)
    * New binary package dnsmasq-base-lua, includes Lua support.
    * Remove hardwired shlibs dependency for libnettle 3.3 and
      fix code to avoid ABI breakage as long as compiled against
      libnettle 3.4 or later. (closes: #891315)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 03 May 2018 07:25:03 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:09:28 2019; Machine Name: buxtehude
