-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 20 Mar 2021 15:14:01 +0100 Source: dnsmasq Binary: dnsmasq dnsmasq-base dnsmasq-utils Architecture: source Version: 2.76-5+deb9u3 Distribution: stretch-security Urgency: high Maintainer: Simon Kelley <simon@thekelleys.org.uk> Changed-By: Sylvain Beucler <beuc@debian.org> Description: dnsmasq - Small caching DNS proxy and DHCP/TFTP server dnsmasq-base - Small caching DNS proxy and DHCP/TFTP server dnsmasq-utils - Utilities for manipulating DHCP leases Changes: dnsmasq (2.76-5+deb9u3) stretch-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: a heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled. All are fixed with the same patch. * CVE-2020-25684: allows an off-path (non-MITM) attacker to attempt a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. (CVE-2020-25685 and CVE-2020-25686 are not fixed in this version, see security-tracker.debian.org.) Checksums-Sha1: afe6a5d6ea458035bf392a5a5f6c4cda22c351c4 1904 dnsmasq_2.76-5+deb9u3.dsc 77b3c453fa68ee74c83897e940af26a07c6630fc 31454 dnsmasq_2.76-5+deb9u3.diff.gz 84610637afcdf7156eeb6294a864302c743c43ac 5693 dnsmasq_2.76-5+deb9u3_amd64.buildinfo Checksums-Sha256: 6bc76314a9e8dbbdd13bcd383faae883010612d34c16f6ef1e3e799cef0013a2 1904 dnsmasq_2.76-5+deb9u3.dsc 3423778379fb96b3a1ad4847d15d6f5e3824b60a80d49d2143083f5f64bb2913 31454 dnsmasq_2.76-5+deb9u3.diff.gz 8c8a8579fbb86e6a45d550cd39b90320056966f164f96561f2328cf1e58df485 5693 dnsmasq_2.76-5+deb9u3_amd64.buildinfo Files: 2f8429b6c5d6666a40cc8582cf1576d6 1904 net optional dnsmasq_2.76-5+deb9u3.dsc e741fecb318309b6bf9e6e3531087657 31454 net optional dnsmasq_2.76-5+deb9u3.diff.gz 1afdf7bb38767324141cbaee4b4b3b1e 5693 net optional dnsmasq_2.76-5+deb9u3_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmBY2sEACgkQDTl9HeUl XjDIEA//UJwwkIrY8N9JsBVAiYTRhXRQhJ005sgcVvSspAkZ8nE5b6/jusg9lZwH gFPxzbiSp/0R2xWXlOgk5kWabPZPFegkshiwekWQeTDVzUb9Ow320Pkf/jzwtyry K/vBkh1w4qzwyxsThx1caaqT490V/qDHXRthC+h2f8EsAn6siG3IRTYo3ueQ4SJB B1wbFNcB47CFaUDSkKgRJK8bh4/YY5qeLLJPaKciZD5FVDbU+9fFstkpzfEnXIa3 L6iP5XqGB7zxIBfvSR+KUB19xyGhAiYx0zNpIG/sqosXqhX7fh12tTCMIapwLDiY qlXrAzdesQGNreGuaS6PntqZaaq4cTAYRSWlVwNqMOwEDXaP8iQ9Lt1wA+Saob/l Y08nimJtXLZpMyv9undA27BhZp/wxWndk8pK40GufEbMldl7zIqEleX/dxRa28xT 5AuSthLUHgN77y4cBNLDE1mrIihIxtLQ97JHtykhIl5BcCTb8HFWh9N+4rNgQiOj V9RdC26muH2d+nY5/XWQmwEcgEVqVlWDRwhNYZtJfwnPMSgsg3QrOhi/FzapGOYv 7yEUsTGHNMagDe2h9BWqMeWBPRYqd+gVhqHmd3nXfjkJsuhQkQna3b9bbCxtAj3j 83l/4yH6VykJHLnq0PLWWv+9pzOy3LVOcgYIyNCrD5HgywBSX9Q= =gwEp -----END PGP SIGNATURE-----