Unlike last time we received embargoed AI-generated content, this time
there is a CVE assigned for dnsmasq. I have no time to solve how real they
are, but I doubt it describes anything of severity Important.
Yes, there might be bugs in DHCP parsing code, but if they need root
access, then they cannot be CVSS score 7.8. If you have not caught them
yet, just posting here that they did appear. I think they should be disputed
or have their CVSS score fixed.
If any software passes unfiltered content from unprivileged users to
dnsmasq, then that software should receive an Important CVE.
https://www.openwall.com/lists/oss-security/2025/10/27/1
https://www.cve.org/CVERecord?id=CVE-2025-12198
I have to get back to very real and confirmed bind9 CVE fixes. Just wanted
it posted here.
Cheers,
Petr
--
Petr Menšík
Senior Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB