Your message dated Wed, 26 Apr 2006 07:18:40 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Bug#364842: dnsmasq: bid 17662: broadcast reply DoS
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: dnsmasq
Version: 2.22-2
Severity: grave
Justification: user security hole
According to securityfocus dnsmasq will crash if it gets a broadcast reply
packet:
http://www.securityfocus.com/bid/17662
This DoS affects sarge. Any idea if a DSA is in the works?
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-3-686-smp
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)
Versions of packages dnsmasq depends on:
ii libc6 2.3.2.ds1-22sarge3 GNU C Library: Shared libraries an
ii netbase 4.21 Basic TCP/IP networking system
--- End Message ---
--- Begin Message ---
Geoff Crompton wrote:
Package: dnsmasq
Version: 2.22-2
Severity: grave
Justification: user security hole
According to securityfocus dnsmasq will crash if it gets a broadcast reply
packet:
http://www.securityfocus.com/bid/17662
This DoS affects sarge. Any idea if a DSA is in the works?
The version of dnsmasq in Sarge is 2.22, which isn't affected, so no DSA
is needed. Testing has version 2.27, which is also pre-bug, and unstable
has/is about to get 2.30, which is fixed. Therefore only Debian
unstable users have been exposed to this, and that situation is resolved.
Cheers,
Simon.
--- End Message ---
