[Bug 247598] Re: dnsmasq might be vulnerable to recent DNS spoofing issue
Since the package referred to in this bug is in universe or multiverse, it is community maintained. It is clear that Ubuntu 6.06 is not going to get an update for this almost 3 year old bug, so I am marking the task as Won't Fix. Please feel free to reopen if you would like to post a debdiff to fix the bug. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures ** Changed in: dnsmasq (Ubuntu Dapper) Status: Confirmed = Won't Fix -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/247598 Title: dnsmasq might be vulnerable to recent DNS spoofing issue -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 247598] Re: dnsmasq might be vulnerable to recent DNS spoofing issue
The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life - http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the Gutsy task. ** Changed in: dnsmasq (Ubuntu Gutsy) Status: Confirmed = Won't Fix -- dnsmasq might be vulnerable to recent DNS spoofing issue https://bugs.launchpad.net/bugs/247598 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 247598] Re: dnsmasq might be vulnerable to recent DNS spoofing issue
Ubuntu Feisty Fawn is no longer supported, so a SRU will not be issued for this release. Marking Feisty as Won't Fix. ** Changed in: dnsmasq (Ubuntu Feisty) Status: Confirmed = Won't Fix -- dnsmasq might be vulnerable to recent DNS spoofing issue https://bugs.launchpad.net/bugs/247598 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 247598] Re: dnsmasq might be vulnerable to recent DNS spoofing issue
** Changed in: dnsmasq (Ubuntu Dapper) Status: New = Confirmed ** Changed in: dnsmasq (Ubuntu Feisty) Status: New = Confirmed ** Changed in: dnsmasq (Ubuntu Gutsy) Status: New = Confirmed -- dnsmasq might be vulnerable to recent DNS spoofing issue https://bugs.launchpad.net/bugs/247598 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 247598] Re: dnsmasq might be vulnerable to recent DNS spoofing issue
** Changed in: dnsmasq (Ubuntu Hardy) Status: New = In Progress -- dnsmasq might be vulnerable to recent DNS spoofing issue https://bugs.launchpad.net/bugs/247598 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 247598] Re: dnsmasq might be vulnerable to recent DNS spoofing issue
New debdiff with an additional check recommended by upstream : In the function nl_routechange() at the end of src/netlink.c, a check needs to be added to ensure that daemon-srv_save-sfd is non-NULL. This avoids a segfault. If it is NULL, just returning from the function is fine. I checked that the resulting dnsmasq build still works as a DHCP and DNS cache, and the extra patch looks non-disruptive, you should nevertheless double-check it. ** Attachment added: dnsmasq_2.41-2ubuntu2.1.debdiff http://launchpadlibrarian.net/16140344/dnsmasq_2.41-2ubuntu2.1.debdiff -- dnsmasq might be vulnerable to recent DNS spoofing issue https://bugs.launchpad.net/bugs/247598 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 247598] Re: dnsmasq might be vulnerable to recent DNS spoofing issue
Debdiff for the security update in hardy This is based on Simon's patch but applied over 2.41 (minus the version change in config.h, plus the fix_fd call in network.c). Not heavily tested. ** Attachment added: dnsmasq_2.41-2ubuntu2.1.debdiff http://launchpadlibrarian.net/16015512/dnsmasq_2.41-2ubuntu2.1.debdiff -- dnsmasq might be vulnerable to recent DNS spoofing issue https://bugs.launchpad.net/bugs/247598 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 247598] Re: dnsmasq might be vulnerable to recent DNS spoofing issue
Merge from latest Debian unstable version, for fixing this in intrepid. Remaining changes: - TearDown spec recommendations in debian/postinst and debian/init - debian/control: Updated maintainer to match DebianMaintainerField ** Attachment added: dnsmasq_2.43-1ubuntu1.debdiff http://launchpadlibrarian.net/16020622/dnsmasq_2.43-1ubuntu1.debdiff -- dnsmasq might be vulnerable to recent DNS spoofing issue https://bugs.launchpad.net/bugs/247598 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 247598] Re: dnsmasq might be vulnerable to recent DNS spoofing issue
The same without the merge-o-matic whack-my-changelog-whitespaces feature ** Attachment added: dnsmasq_2.43-1ubuntu1.debdiff http://launchpadlibrarian.net/16022916/dnsmasq_2.43-1ubuntu1.debdiff -- dnsmasq might be vulnerable to recent DNS spoofing issue https://bugs.launchpad.net/bugs/247598 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 247598] Re: dnsmasq might be vulnerable to recent DNS spoofing issue
** Attachment added: randsock-diff http://launchpadlibrarian.net/15963273/randsock-diff ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1447 -- dnsmasq might be vulnerable to recent DNS spoofing issue https://bugs.launchpad.net/bugs/247598 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 247598] Re: dnsmasq might be vulnerable to recent DNS spoofing issue
** Bug watch added: Debian Bug tracker #490123 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490123 ** Also affects: dnsmasq (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490123 Importance: Unknown Status: Unknown -- dnsmasq might be vulnerable to recent DNS spoofing issue https://bugs.launchpad.net/bugs/247598 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 247598] Re: dnsmasq might be vulnerable to recent DNS spoofing issue
** Changed in: dnsmasq (Debian) Status: Unknown = Fix Released -- dnsmasq might be vulnerable to recent DNS spoofing issue https://bugs.launchpad.net/bugs/247598 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs