-
dnsmasq (2.75-1ubuntu0.16.04.10) xenial-security; urgency=medium
* SECURITY UPDATE: Multiple security issues
- CVE-2017-15107: wildcard NSEC records interpretation issue
+ 4fe6744a220eddd3f1749b40cac3dfc510787de6
+ cd7df612b14ec1bf831a966ccaf076be0dae7404
- CVE-2019-14513: DoS via improper bounds checking
+ d3a8b39c7df2f0debf3b5f274a1c37a9e261f94e
-- Marc Deslauriers <email address hidden> Thu, 22 Apr 2021 09:12:18 -0400
-
dnsmasq (2.75-1ubuntu0.16.04.8) xenial-security; urgency=medium
* SECURITY REGRESSION: issue with multiple queries (LP: #1916462)
- backport multiple upstream commits to fix regressions
+ 04490bf622ac84891aad6f2dd2edf83725decdee
+ 12af2b171de0d678d98583e2190789e544440e02
+ 3f535da79e7a42104543ef5c7b5fa2bed819a78b
+ 141a26f979b4bc959d8e866a295e24f8cf456920
+ 305cb79c5754d5554729b18a2c06fe7ce699687a
-- Marc Deslauriers <email address hidden> Tue, 23 Feb 2021 08:32:59 -0500
-
dnsmasq (2.75-1ubuntu0.16.04.7) xenial-security; urgency=medium
* SECURITY UPDATE: Multiple security issues
- CVE-2020-25681: heap overflow in RRSets sorting
- CVE-2020-25682: buffer overflow in extracting names from DNS packets
- CVE-2020-25683: heap overflow in DNSSEC validation
- CVE-2020-25684: cache poisoning issue via address/port
- CVE-2020-25685: cache poisoning issue via weak hash
- CVE-2020-25686: birthday attack via incorrect existing requests check
- CVE-2020-25687: heap overflow in DNSSEC validation
- CVE-2019-14834: memory leak via DHCP response creation
-- Marc Deslauriers <email address hidden> Fri, 08 Jan 2021 12:34:33 -0500
-
dnsmasq (2.75-1ubuntu0.16.04.5) xenial-security; urgency=medium
* trusty-anchors.conf: Update DNSSEC trust anchors
- 05da782f8f45933915af0ef3cc1ba35e31d20c59
-- Marc Deslauriers <email address hidden> Thu, 12 Jul 2018 09:39:42 -0400
-
dnsmasq (2.75-1ubuntu0.16.04.4) xenial; urgency=medium
* Fix replying prematurely if one of many servers replies REFUSED
(LP: #1726017) by adding two upstream patches.
- 2.76: 4ace25c5d6: Treat REFUSED (not SERVFAIL) as an unsuccessful
upstream response
- 2.77: 68f6312d4b: Stop treating SERVFAIL as a successful response from
upstream servers.
-- Christian Ehrhardt <email address hidden> Mon, 23 Oct 2017 08:32:22 +0200
-
dnsmasq (2.75-1ubuntu0.16.04.3) xenial-security; urgency=medium
* SECURITY UPDATE: add fixes to correct multiple security issues
- CVE-2017-14491 DNS heap buffer overflow.
- CVE-2017-14492, DHCPv6 RA heap overflow.
- CVE-2017-14493, DHCPv6 - Stack buffer overflow.
- CVE-2017-14494, Infoleak handling DHCPv6 forwarded requests.
- CVE-2017-14495, OOM in DNS response creation.
- CVE-2017-14496, Integer underflow in DNS response creation.
-- Marc Deslauriers <email address hidden> Tue, 26 Sep 2017 17:42:14 -0400
-
dnsmasq (2.75-1ubuntu0.16.04.2) xenial; urgency=medium
* Add two upstream patches to fix binding to an interface being
destroyed and recreated. LP: #1639776.
+ 2675f2061525bc954be14988d64384b74aa7bf8b
+ 16800ea072dd0cdf14d951c4bb8d2808b3dfe53d
-- Nishanth Aravamudan <email address hidden> Mon, 27 Mar 2017 17:22:13 -0700
-
dnsmasq (2.75-1ubuntu0.16.04.1) xenial-security; urgency=medium
* SECURITY UPDATE: denial of service via crafted CNAME (LP: #1581181)
- src/cache.c: fix crash when empty address from DNS overlays A record
from hosts.
- 41a8d9e99be9f2cc8b02051dd322cb45e0faac87
- CVE-2015-8899
-- Marc Deslauriers <email address hidden> Tue, 14 Jun 2016 15:05:23 +0300
-
dnsmasq (2.75-1) unstable; urgency=low
* New upstream. (closes: #794095)
-- Simon Kelley <email address hidden> Thur, 30 Jul 2015 20:58:31 +0000
