On 2/13/22 01:26, Hauke Mehrtens wrote:
On 2/10/22 16:12, Seo Suchan wrote:
looks like those dnsmasq exploits aren't real

The bugs were never looked at by a human (no commit related to them), but bots confirmed that those look fixed by commit 011f8cf1d011ade2f9e7231fca3cabfb1e8eaf06

https://oss-fuzz.com/revisions?job=afl_asan_dnsmasq&range=202112300601:202201020605

When I read that commit, it looks like 2.86 had a bug that failed to build on gcc 4.8, and it caused the fuzzer to crash immediately, producing a bunch of 'exploits'

Thanks for that information. Do you know about some official statement about this?

I fixed some other problems in OpenWrt 21.02:
* Linux: update to latest minor version
* hostapd: backport the patches
* wolfssl: update to recent version
* tcpdump: backport a patch
* mbedtls: update to new LTS version
* glibc: Update to latest minor version

The OpenWrt 21.02 and 19.07 branches are looking fine to me.
I am still waiting for some LuCI backports from Jo and would like to tag and build the next minor releases tomorrow or some days later depending on when Jo finishes the backports.

@Rosen: You wanted to update ksmbd in the feeds. Is there already a pull request and will you merge it or should I merge it shortly before tagging?

I asked on the dnsmasq mailing list about the CVEs we saw. My current plan is to ignore them.

Is there anything else missing?

Hauke

_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel