There is an unpatched memory leak CVE in dnsmasq. Here are some references:
Here is the upstream fix:
The fix looks low risk to me.
Thanks for reporting a security bug. Make sure you put it in the Gentoo Security component next time so that the security team can pick up on it.
The bug has been referenced in the following commit(s):
Author: Allen-Webb <firstname.lastname@example.org>
AuthorDate: 2020-04-01 14:44:02 +0000
Commit: Patrick McLean <email@example.com>
CommitDate: 2020-04-01 17:19:21 +0000
net-dns/dnsmasq-2.80-r2: Revbump, fix CVE-2019-14834
Signed-off-by: Allen-Webb <firstname.lastname@example.org>
Signed-off-by: Patrick McLean <email@example.com>
...smasq-2.80-r1.ebuild => dnsmasq-2.80-r2.ebuild} | 1 +
.../files/dnsmasq-2.80-cve-2019-14834.patch | 39 ++++++++++++++++++++++
2 files changed, 40 insertions(+)
security: we should be fine to stabilize this
(In reply to Patrick McLean from comment #3)
> security: we should be fine to stabilize this
Great, thanks for the quick merge!
Didn't catch it was already stable on those arches. Tree is clean. Thanks again.
Changing to glsa?
Resetting sanity check; package list is empty or all packages are done.
GLSA Vote: No
Thank you all for you work.
Closing as [noglsa].