From ${URL} : A vulnerability was found in dmsmasq. A Denial-of-service will occur when an A or AAAA record is defined locally, in a hosts file, and an upstream server sends a reply that the same name is empty. Upstream bug: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q2/010479.html Upstream fix: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=41a8d9e99be9f2cc8b02051dd322cb45e0faac87 @maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
Sure, dnsmasq-2.76 can be stabilized.
ping
CVE-2015-8899 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8899): Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.
@arches, please stabilize: =net-dns/dnsmasq-2.76
amd64 stable
x86 stable
Stable for HPPA PPC64.
Stable on alpha.
arm stable
ppc stable
sparc stable
ia64 stable. Maintainer(s), please cleanup. Security, please vote.
Done. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e8efafc794d8c6f5c3c6d25ef8e92d4b454f9eb
GLSA Vote: No.