[Bug 1741271] Re: Please backport CVE-2017-13704 fix from dnsmasq 2.78 to 2.76 for Newton cloud-archive
Corey Bryant
corey.bryant at canonical.com
Thu Jan 4 18:51:17 UTC 2018
Hi James,
It appears CVE-2017-13704 is a regression that was introduced in dnsmasq
2.77. This is noted in a few places, such as:
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13704.html
https://bugzilla.redhat.com/show_bug.cgi?id=1495510
For now I'm going to close this as invalid, however if you find that
this issue does affect versions prior to 2.77, please re-open this bug
and set the status to New.
Thanks,
Corey
** Bug watch added: Red Hat Bugzilla #1495510
https://bugzilla.redhat.com/show_bug.cgi?id=1495510
** Changed in: cloud-archive/newton
Status: Triaged => Invalid
** Changed in: cloud-archive/ocata
Status: Triaged => Invalid
** Changed in: cloud-archive/newton
Importance: High => Undecided
** Changed in: cloud-archive/ocata
Importance: High => Undecided
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1741271
Title:
Please backport CVE-2017-13704 fix from dnsmasq 2.78 to 2.76 for
Newton cloud-archive
Status in Ubuntu Cloud Archive:
Fix Released
Status in Ubuntu Cloud Archive newton series:
Invalid
Status in Ubuntu Cloud Archive ocata series:
Invalid
Bug description:
CVE-2017-13704 was addressed in dnsmasq-2.78, but has not been
backported to a dnsmasq release available to the cloud archive(s).
Would it be possible to address this, especially for >= Newton?
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1741271/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list