Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 766126 (CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687) - <net-dns/dnsmasq-2.83: Multiple vulnerabilities
Summary: <net-dns/dnsmasq-2.83: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major
Assignee: Gentoo Security
URL: http://lists.thekelleys.org.uk/piperm...
Whiteboard: B1 [glsa+ cve]
Keywords:
Depends on: 766264
Blocks:
  Show dependency tree
 
Reported: 2021-01-19 12:10 UTC by Stijn Tintel
Modified: 2021-01-28 19:24 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stijn Tintel 2021-01-19 12:10:48 UTC 
CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687

Reproducible: Always
Comment 1 Larry the Git Cow gentoo-dev 2021-01-19 18:55:30 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=71284e5674df617c4c8095a75c6abf736baf2efb

commit 71284e5674df617c4c8095a75c6abf736baf2efb
Author:     Patrick McLean <patrick.mclean@sony.com>
AuthorDate: 2021-01-19 18:55:03 +0000
Commit:     Patrick McLean <chutzpah@gentoo.org>
CommitDate: 2021-01-19 18:55:25 +0000

    net-dns/dnsmasq: Version bump to 2.83 (bug #766126)
    
    Need to bump both "standard" package, and -r100 for new lua eclasses
    since the lua stuff isn't ready for stable yet.
    
    Bug: https://bugs.gentoo.org/766126
    Copyright: Sony Interactive Entertainment Inc.
    Package-Manager: Portage-3.0.13, Repoman-3.0.2
    Signed-off-by: Patrick McLean <chutzpah@gentoo.org>

 net-dns/dnsmasq/Manifest                 |   1 +
 net-dns/dnsmasq/dnsmasq-2.83-r100.ebuild | 211 +++++++++++++++++++++++++++++++
 net-dns/dnsmasq/dnsmasq-2.83.ebuild      | 206 ++++++++++++++++++++++++++++++
 net-dns/dnsmasq/metadata.xml             |   3 +-
 4 files changed, 420 insertions(+), 1 deletion(-)
Comment 2 NATTkA bot gentoo-dev 2021-01-20 18:28:52 UTC Comment hidden (obsolete)
Comment 3 NATTkA bot gentoo-dev 2021-01-20 19:08:54 UTC Comment hidden (obsolete)
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2021-01-21 21:02:01 UTC 
New GLSA request filed.
Comment 5 Agostino Sarubbo gentoo-dev 2021-01-22 16:54:56 UTC 
amd64 stable
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2021-01-22 17:56:35 UTC 
This issue was resolved and addressed in
 GLSA 202101-17 at https://security.gentoo.org/glsa/202101-17
by GLSA coordinator Aaron Bauman (b-man).
Comment 7 Aaron Bauman (RETIRED) gentoo-dev 2021-01-22 17:57:02 UTC 
re-opened for final arches and cleanup
Comment 8 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-23 05:55:37 UTC 
arm64 done
Comment 9 Agostino Sarubbo gentoo-dev 2021-01-24 12:12:07 UTC 
x86 stable
Comment 10 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-25 21:56:16 UTC 
Let's swap to r101 or people will get conflicts.
Comment 11 Rolf Eike Beer archtester 2021-01-27 17:52:08 UTC 
sparc stable
Comment 12 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-27 23:14:43 UTC 
x86 done
Comment 13 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-27 23:15:11 UTC 
amd64 done
Comment 14 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-27 23:28:02 UTC 
arm done
Comment 15 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-27 23:28:18 UTC 
arm64 done
Comment 16 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-28 01:14:05 UTC 
ppc64 done
Comment 17 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-28 01:14:28 UTC 
ppc done

all arches done
Comment 18 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-28 01:17:28 UTC 
Please cleanup, thanks!
Comment 19 Larry the Git Cow gentoo-dev 2021-01-28 19:19:07 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ddd00a465915ad9ac6aaeabebf800bfb39d9b3ce

commit ddd00a465915ad9ac6aaeabebf800bfb39d9b3ce
Author:     Patrick McLean <patrick.mclean@sony.com>
AuthorDate: 2021-01-28 19:19:00 +0000
Commit:     Patrick McLean <chutzpah@gentoo.org>
CommitDate: 2021-01-28 19:19:00 +0000

    net-dns/dnsmasq: REmove old (security bug #766126)
    
    Bug: https://bugs.gentoo.org/766126
    Copyright: Sony Interactive Entertainment Inc.
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: Patrick McLean <chutzpah@gentoo.org>

 net-dns/dnsmasq/Manifest                 |   2 -
 net-dns/dnsmasq/dnsmasq-2.81.ebuild      | 207 ------------------------------
 net-dns/dnsmasq/dnsmasq-2.82-r100.ebuild | 210 -------------------------------
 net-dns/dnsmasq/dnsmasq-2.82.ebuild      | 205 ------------------------------
 4 files changed, 624 deletions(-)
Comment 20 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-28 19:24:10 UTC 
All done, thank you!