On Mon, Feb 14, 2022 at 12:00 PM Hauke Mehrtens <ha...@hauke-m.de> wrote: > > On 2/13/22 01:26, Hauke Mehrtens wrote: > > On 2/10/22 16:12, Seo Suchan wrote: > >> looks like those dnsmasq exploits aren't real > >> > >> bugs never looked by human (no commit related by it), but bots > >> confirmed that thoses look fixed by commit > >> 011f8cf1d011ade2f9e7231fca3cabfb1e8eaf06 > >> > >> https://oss-fuzz.com/revisions?job=afl_asan_dnsmasq&range=202112300601:202201020605 > >> <https://oss-fuzz.com/revisions?job=afl_asan_dnsmasq&range=202112300601:202201020605> > >> > >> > >> when I read that commit it looks like 2.86 had bug that faild to build > >> on gcc 4.8 and it caused fuzzer to get immediately crash, producing > >> bunch of 'exploits' > > > > Thanks for that information. Do you know about some official statement > > about this? > > > > I fixed some other problems in OpenWrt 21.02: > > * Linux: update to latests minor version > > * hostapd: backport the patches > > * wolfssl: update to recent version > > * tcpdump: backport a patch > > * mbedtls: update to new LTS version > > * glibc: Update to latest minor version > > The OpenWrt 21.02 and 19.07 branches are looking fine to me. > I am still waiting for some LuCI backports from Jo and would like to tag > and build the next minor releases tomorrow or some days later depending > on when Jo finishes the backports. > > @Rosen: You wanted to update ksmbd in the feeds. Is there already a pull > request and will you merge it or should I merge it shortly before tagging? https://github.com/openwrt/packages/pull/17866 > > I asked on the dnsmasq mailing list about the CVEs we saw. My current > plan is to ignore them. > > Is there anything else missing? > > Hauke
_______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel