I am extremely interested in this also for the same reason. Also we encountered a problem with excessive file descriptors in versions higher than 2.80 (although we have not tested with 2.83 and 2.84). If this patch covers all vulnerabilities for DNSpooq with version 2.80 that would be perfect.
>The DNSpooq disclosure contains a total of 7 CVEs. >Can someone confirm that the patch backport for v2.80 published at >https://www.thekelleys.org.uk/dnsmasq/dnspooq-patches/2.80-dnspooq.patch.v2 >addresses all of them? >I guess the preferred option is an upgrade to v2.84 but I'm working on an >embedded system currently running v2.80 so applying the patch alone requires >less regression testing for a quick turnaround. We will work on a full upgrade >to v2.84 later but we want to handle this sooner than later. >Dave _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
