Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 632692 (CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496) - <net-dns/dnsmasq-2.78: Multiple vulnerabilities
Summary: <net-dns/dnsmasq-2.78: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High critical (vote)
Assignee: Gentoo Security
URL: https://security.googleblog.com/2017/...
Whiteboard: A1 [glsa cve]
Keywords:
: 624510 630296 (view as bug list)
Depends on:
Blocks:
 
Reported: 2017-10-02 14:16 UTC by Kristian Fiskerstrand (RETIRED)
Modified: 2018-01-25 01:24 UTC (History)
3 users (show)

See Also:
Package list:
=net-dns/dnsmasq-2.78
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2017-10-02 14:16:18 UTC
@maintainers: c.f previous communication, the following issue is now public:

"""
Dnsmasq git repo is now up-to-date, and the 2.78 release it in the
website download directory.
"""
Comment 1 Larry the Git Cow gentoo-dev 2017-10-02 16:38:00 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5383e3fce7a501407d7a2e8c41efa766d3df2d67

commit 5383e3fce7a501407d7a2e8c41efa766d3df2d67
Author:     Patrick McLean <chutzpah@gentoo.org>
AuthorDate: 2017-10-02 16:37:09 +0000
Commit:     Patrick McLean <chutzpah@gentoo.org>
CommitDate: 2017-10-02 16:37:48 +0000

    net-dns/dnsmasq: Version bump for #632692
    
    Security version bump for these CVEs:
    CVE-2017-14491
    CVE-2017-14492
    CVE-2017-14493
    CVE-2017-14494
    CVE-2017-14495
    CVE-2017-14496
    
    Also make the relad action use start-stop-daemon.
    
    Bug: https://bugs.gentoo.org/632692
    Closes: https://bugs.gentoo.org/629284
    Package-Manager: Portage-2.3.10, Repoman-2.3.3

 net-dns/dnsmasq/Manifest                   |   1 +
 net-dns/dnsmasq/dnsmasq-2.78.ebuild        | 198 +++++++++++++++++++++++++++++
 net-dns/dnsmasq/files/dnsmasq-init-dhcp-r2 |  29 +++++
 net-dns/dnsmasq/files/dnsmasq-init-r3      |  23 ++++
 4 files changed, 251 insertions(+)}
Comment 2 Patrick McLean gentoo-dev 2017-10-02 16:38:29 UTC
net-dns/dnsmasq-2.78 is now in the tree, we should be good to stabilize.
Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-10-02 16:54:53 UTC
(In reply to Patrick McLean from comment #2)
> net-dns/dnsmasq-2.78 is now in the tree, we should be good to stabilize.

Thank you.

@Arches please test and mark stable.

Gentoo Security Padawan
ChrisADR
Comment 4 Thomas Deutschmann gentoo-dev Security 2017-10-02 23:45:58 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2017-10-03 10:53:40 UTC
amd64 stable
Comment 6 Sergei Trofimovich gentoo-dev 2017-10-03 15:26:32 UTC
ia64 stable
Comment 7 Sergei Trofimovich gentoo-dev 2017-10-04 08:53:32 UTC
ppc64 stable
Comment 8 Sergei Trofimovich gentoo-dev 2017-10-05 08:43:07 UTC
ppc stable
Comment 9 Sergei Trofimovich gentoo-dev 2017-10-05 09:48:17 UTC
hppa/sparc stable (thanks to Rolf Eike Beer)
Comment 10 Markus Meier gentoo-dev 2017-10-16 18:14:49 UTC
arm stable
Comment 11 Tobias Klausmann gentoo-dev 2017-10-22 21:49:08 UTC
Stable on alpha.
Comment 12 Aleksandr Wagner (Kivak) 2017-10-22 22:05:41 UTC
Stabilization is complete, thank you arches.

@ Maintainer(s): Please clean the vulnerable versions from the tree.

@ Security: Please vote on whether a glsa is needed or not.

Gentoo Security Padawan
Kivak
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2017-10-23 01:47:22 UTC
This issue was resolved and addressed in
 GLSA 201710-27 at https://security.gentoo.org/glsa/201710-27
by GLSA coordinator Aaron Bauman (b-man).
Comment 14 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2017-10-23 01:48:46 UTC
re-opened for cleanup.
Comment 15 Pacho Ramos gentoo-dev 2017-12-04 13:00:30 UTC
*** Bug 630296 has been marked as a duplicate of this bug. ***
Comment 16 Pacho Ramos gentoo-dev 2017-12-04 13:00:34 UTC
*** Bug 624510 has been marked as a duplicate of this bug. ***