dnsmasq CVE fixes for 19.07 [Was: Re: OpenWrt 21.02 and 19.07 minor release]

Petr Štetiar ynezz at true.cz
Tue Feb 15 00:36:56 PST 2022


Seo Suchan <tjtncks at gmail.com> [2022-02-15 13:29:06]:

Hi,

> I just noticed 19.07 still looks at dnsmasq 2.80: which was effeced by
> series of vulnerablity CVE-2020-25681
> <https://www.cvedetails.com/cve/CVE-2020-25681/> ~25685 and need to bumped
> at least to 2.85 like 21.02 as CVE-2021-3448
> <https://www.cvedetails.com/cve/CVE-2021-3448/> is fixed by 2.85rc1 - would
> just copying 21.02's dnsmasq makefiles (and patches) be enough to fix this?

thank you for checking, those should be fixed via https://git.openwrt.org/8055e38794741313f8f4e6059f83c71dc0ab1d1c

Cheers,

Petr



More information about the openwrt-devel mailing list