[Bug 1741271] Re: Please backport CVE-2017-13704 fix from dnsmasq 2.78 to 2.76 for Newton cloud-archive

[Corey Bryant]

Hi James,

It appears CVE-2017-13704 is a regression that was introduced in dnsmasq
2.77. This is noted in a few places, such as:

https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13704.html
https://bugzilla.redhat.com/show_bug.cgi?id=1495510

For now I'm going to close this as invalid, however if you find that
this issue does affect versions prior to 2.77, please re-open this bug
and set the status to New.

Thanks,
Corey


** Bug watch added: Red Hat Bugzilla #1495510
   https://bugzilla.redhat.com/show_bug.cgi?id=1495510

** Changed in: cloud-archive/newton
       Status: Triaged => Invalid

** Changed in: cloud-archive/ocata
       Status: Triaged => Invalid

** Changed in: cloud-archive/newton
   Importance: High => Undecided

** Changed in: cloud-archive/ocata
   Importance: High => Undecided

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1741271

Title:
  Please backport CVE-2017-13704 fix from dnsmasq 2.78 to 2.76 for
  Newton cloud-archive

Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive newton series:
  Invalid
Status in Ubuntu Cloud Archive ocata series:
  Invalid

Bug description:
  CVE-2017-13704 was addressed in dnsmasq-2.78, but has not been
  backported to a dnsmasq release available to the cloud archive(s).
  Would it be possible to address this, especially for >= Newton?

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1741271/+subscriptions