From unknown Fri Jun 20 07:22:09 2025
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
Content-Type: text/plain; charset=utf-8
From: bug#47674 <47674@debbugs.gnu.org>
To: bug#47674 <47674@debbugs.gnu.org>
Subject: Status: dnsmasq is vulnerable to CVE-2021-3448
Reply-To: bug#47674 <47674@debbugs.gnu.org>
Date: Fri, 20 Jun 2025 14:22:09 +0000

retitle 47674 dnsmasq is vulnerable to CVE-2021-3448
reassign 47674 guix
submitter 47674 Nicol=C3=B2 Balzarotti <anothersms@gmail.com>
severity 47674 normal
tag 47674 security

thanks


From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 09 11:10:52 2021
Received: (at submit) by debbugs.gnu.org; 9 Apr 2021 15:10:52 +0000
Received: from localhost ([127.0.0.1]:50685 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lUsma-0000s7-1p
	for submit@debbugs.gnu.org; Fri, 09 Apr 2021 11:10:52 -0400
Received: from lists.gnu.org ([209.51.188.17]:56604)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <anothersms@gmail.com>) id 1lUsmX-0000ry-LC
 for submit@debbugs.gnu.org; Fri, 09 Apr 2021 11:10:49 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:32978)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <anothersms@gmail.com>)
 id 1lUsmX-0007DN-F6
 for bug-guix@gnu.org; Fri, 09 Apr 2021 11:10:49 -0400
Received: from mail-wr1-x430.google.com ([2a00:1450:4864:20::430]:33751)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <anothersms@gmail.com>)
 id 1lUsmU-0007NX-Uk
 for bug-guix@gnu.org; Fri, 09 Apr 2021 11:10:49 -0400
Received: by mail-wr1-x430.google.com with SMTP id f12so6021030wro.0
 for <bug-guix@gnu.org>; Fri, 09 Apr 2021 08:10:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:subject:date:message-id:mime-version;
 bh=ATYAfhE7H9Wz3F8wB41gO/tAmCQMi2Q/GQAmdKY/UgA=;
 b=A50RokzFuwMxryjHN2WG3Yr34a9pnOq28QsgalFa70mOUUTE85SrF51M+ONdiOsZVY
 n8sS3Jq4sYVHIZiXLVfSaMPO01oG8EkNX8Byn9q9YznOoEcQx7fTAQKFKVgpxjfNryy6
 yBPqBGKShYPbHBX+qSHnypotDDmD0iDcTUvb2KwxBiL8aIRlmKIOS6I0sV97Q2FglInw
 MXwczMMhVPlqetbW/6Yo6QeJ6pF4xCvO1qvRHq2MdZ40NjFQsBGOEZT5i8oyO/UbzA/T
 xfP93w6G+Pu4+YpmPbE6EdwwflMMx2aHxfT449IzVsHm7QFQX02ABp1gUx6itp/rE9f4
 CxBA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:subject:date:message-id:mime-version;
 bh=ATYAfhE7H9Wz3F8wB41gO/tAmCQMi2Q/GQAmdKY/UgA=;
 b=aZnQqINhGfC3kn14IuBJTqywBxtX9THvtF4DxhPkEEwfLWrnx+5QaKzB0I8AwTIJXb
 xGQfhssAfjnkm27ZpxCWvimFPQjHqXbzCPa1iv0VvzVFJsZF4pC6O3f8Upg1uYTwBGDd
 v7F0fS7peoGOU2FjXD7DoqCdWhIFGdeRPSiUlfXg2KJAzUd0yn5mrXSI7d0589rY+UP/
 8T52JgoKBso1rPT382dBqd5MKiB7Vg7uXp3GmDTiCu/HYhOoWoL91yEofLy2aT5kHpMf
 YIbEvZ6ikZnyHV33wjan1J1Og/13bXNYS8jfklc8/WNOaYcSJxmfuNqBFuuG95zUusPv
 Bz0g==
X-Gm-Message-State: AOAM533OsuAlyYrzR8I+p552fEW8clc7ETOUwGAHd93o6+Ah3kpBMere
 RLsn4Wn2UxdQgAblHlY5rcLq+u4brJ4=
X-Google-Smtp-Source: ABdhPJwxgPJ708U59SJU98VNgnZpJC5ioaa9pTPYUEYkr22OtYeuHePy7qO3orB/lrdgQEH3s/aUBQ==
X-Received: by 2002:a05:6000:1102:: with SMTP id
 z2mr13492794wrw.87.1617981045485; 
 Fri, 09 Apr 2021 08:10:45 -0700 (PDT)
Received: from guixSD (host-79-17-142-89.retail.telecomitalia.it.
 [79.17.142.89])
 by smtp.gmail.com with ESMTPSA id s21sm4355929wmc.10.2021.04.09.08.10.44
 for <bug-guix@gnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 09 Apr 2021 08:10:44 -0700 (PDT)
From: =?utf-8?Q?Nicol=C3=B2_Balzarotti?= <anothersms@gmail.com>
To: bug-guix@gnu.org
Subject: dnsmasq is vulnerable to CVE-2021-3448
Date: Fri, 09 Apr 2021 17:10:43 +0200
Message-ID: <87pmz3mr2k.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
Received-SPF: pass client-ip=2a00:1450:4864:20::430;
 envelope-from=anothersms@gmail.com; helo=mail-wr1-x430.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 0.7 (/)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.3 (/)

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

CVE-2021-3448

A flaw was found in dnsmasq in versions before 2.85. When configured to
use a specific server for a given network interface, dnsmasq uses a
fixed port while forwarding queries. An attacker on the network, able to
find the outgoing port used by dnsmasq, only needs to guess the random
transmission ID to forge a reply and get it accepted by dnsmasq. This
flaw makes a DNS Cache Poisoning attack much easier. The highest threat
from this vulnerability is to data integrity.

guix ships dnsmasq@2.84. guix refresh shows version 2.85 is available,
and there are 43 dependent packages so this can go directly to master.

All dependent packages (refresh -l) build fine except for
python2-libvirt@7.2.0, which is failing also on master
(libvirt-python requires Python >=3D 3.5 to build).  Since it's a python2
package and no other packages depends on it, can we just drop it?

Thanks, Nicol=C3=B2


--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment;
 filename=0001-gnu-dnsmasq-Update-to-2.85.patch

>From a0932442c6c72d1e1a2a0f400f8afa487251189d Mon Sep 17 00:00:00 2001
From: nixo <nicolo@nixo.xyz>
Date: Fri, 9 Apr 2021 16:19:03 +0200
Subject: [PATCH] gnu: dnsmasq: Update to 2.85.

* gnu/packages/dns.scm (dnsmasq): Update to 2.85.
---
 gnu/packages/dns.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index c940657ce9..3cf88febae 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -278,7 +278,7 @@ prompt the user with the option to go with insecure DNS only.")
 (define-public dnsmasq
   (package
     (name "dnsmasq")
-    (version "2.84")
+    (version "2.85")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -286,7 +286,7 @@ prompt the user with the option to go with insecure DNS only.")
                     version ".tar.xz"))
               (sha256
                (base32
-                "0305a0c3snwqcv77sipyynr55xip1fp2843yn04pc4vk9g39acb0"))))
+                "1yhjwgz8g5qrqvxh6bbmg3443zi8qqjks3q872wyb1zn7n0d765d"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
-- 
2.31.1


--=-=-=--




From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 09 11:12:39 2021
Received: (at control) by debbugs.gnu.org; 9 Apr 2021 15:12:39 +0000
Received: from localhost ([127.0.0.1]:50690 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lUsoJ-0000v7-Fa
	for submit@debbugs.gnu.org; Fri, 09 Apr 2021 11:12:39 -0400
Received: from mail-wm1-f53.google.com ([209.85.128.53]:41861)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <anothersms@gmail.com>) id 1lUsoI-0000us-Du
 for control@debbugs.gnu.org; Fri, 09 Apr 2021 11:12:38 -0400
Received: by mail-wm1-f53.google.com with SMTP id
 t5-20020a1c77050000b029010e62cea9deso3185235wmi.0
 for <control@debbugs.gnu.org>; Fri, 09 Apr 2021 08:12:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:date:message-id:mime-version;
 bh=/GLGYnNtXaxct62E/XkT6AoPHsEHHunrPuKDL6Yxuzo=;
 b=s1UUtveDE5EuNHBj7OID+8llEfl4dlJBenJ0CpzAxvaZkp2Tox5tBehT+amGphYGfo
 Gv+OBRmRras/zVcJn7UTvM1KgUWPGFPIV1wAUkh1zJ5D9gYgD48MNSopi62olm25vQAx
 JSDr1TXJ28wHRYOjiiJ5tdW0qlKM1DbElPcdWiXbqItqiXu5cpvqCdT5K3fBNiH2ETXL
 mtDRVuSYCFDxlaifFZLyApvdJvXG96v7dyJr7yCSQHlq0VqsRe1bYCqwGK50gHO353ng
 lVemOv0FUEeM2Q6uy/WWT0LtvaBS+H9diZJlpfkJSk2Va5hPoBTCaHgnhAMgnfmv/NNM
 gR/Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:date:message-id:mime-version;
 bh=/GLGYnNtXaxct62E/XkT6AoPHsEHHunrPuKDL6Yxuzo=;
 b=Vm9SK2vf7ZA2NNpzTcxdJzrtGaRREz4fQzp6dAKjpZ7jCsUU1UmEeaN8r7Qwt4o3Wx
 vT9+2dLVMEtg4R/rz6F1UFmlckekyGDk/5wNFMGOxKwRcolEdPX7YDs4vywHvA9l3jMG
 zZ5JjWVE+0yB0gftA4VxdNeu8KhlxFFe8O9fpQVnosSTwZk+FcAFS6gkefJtCTJCB3np
 i4s8kc3PTvB73tVNcKBFYxaPneBAtD6QBGW0/qI8FJbkXDLBAFvB0NJM6GtfeoA6DsUJ
 pSe6H6hfFKf6Cw0cq/rFfrbG9cMXJiprMc52+Fp/xyg5hc10RejPi3XmjQxkyhs6odwN
 p7Zg==
X-Gm-Message-State: AOAM531QteGU7MgtD4K+wO5SsgBJCqapevyMMmVpbUOgmvAgiPmNCnTw
 ooGAp9jqEXzuqkm9iBX8ha6ctiDd/uQ=
X-Google-Smtp-Source: ABdhPJy+s0pTgFQK7Uf6KWBbjurpUKvtUktoG4Je5uQ8v33SABFBniDVsGW7+yAGeFZRmVWnhsWD/Q==
X-Received: by 2002:a1c:4102:: with SMTP id o2mr14268221wma.177.1617981152481; 
 Fri, 09 Apr 2021 08:12:32 -0700 (PDT)
Received: from guixSD (host-79-17-142-89.retail.telecomitalia.it.
 [79.17.142.89])
 by smtp.gmail.com with ESMTPSA id p17sm4106959wmq.47.2021.04.09.08.12.31
 for <control@debbugs.gnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 09 Apr 2021 08:12:32 -0700 (PDT)
From: =?utf-8?Q?Nicol=C3=B2_Balzarotti?= <anothersms@gmail.com>
To: control@debbugs.gnu.org
Date: Fri, 09 Apr 2021 17:12:31 +0200
Message-ID: <87mtu7mqzk.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  tags 47674 + security quit 
 Content analysis details:   (2.0 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
 no trust [209.85.128.53 listed in list.dnswl.org]
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
 provider (anothersms[at]gmail.com)
 -0.0 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
 [209.85.128.53 listed in wl.mailspike.net]
 1.8 MISSING_SUBJECT        Missing Subject: header
 0.2 NO_SUBJECT             Extra score for no subject
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 1.0 (+)

tags 47674 + security
quit




From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 09 15:33:33 2021
Received: (at 47674) by debbugs.gnu.org; 9 Apr 2021 19:33:33 +0000
Received: from localhost ([127.0.0.1]:50954 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lUwsm-0007Un-Tn
	for submit@debbugs.gnu.org; Fri, 09 Apr 2021 15:33:33 -0400
Received: from out5-smtp.messagingengine.com ([66.111.4.29]:44785)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1lUwsl-0007UY-1E
 for 47674@debbugs.gnu.org; Fri, 09 Apr 2021 15:33:31 -0400
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
 by mailout.nyi.internal (Postfix) with ESMTP id 8144E5C010B;
 Fri,  9 Apr 2021 15:33:25 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute3.internal (MEProxy); Fri, 09 Apr 2021 15:33:25 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-type:in-reply-to; s=mesmtp; bh=ha7bEO3W5mQ2cS4HlTvJx2/K
 BrFqzzMDkY1vkT4a03g=; b=x7stZ5U69WAPAN+QmJGCRO7EicdP5i2xni5Gdy0X
 A0AWIqa2/7VR1YIfMEyzCFZScJE+ObIbYc1UxEGuDqcgotCxpInqhfsUF4+2aekE
 /P8qL/4sEK7ZQOr0VfutNzajDd9g3tT3GaN6ZGzLwow4fkBcJGYNlD6Rvu16KVaU
 QGI=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-me-proxy
 :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=ha7bEO
 3W5mQ2cS4HlTvJx2/KBrFqzzMDkY1vkT4a03g=; b=S4Ob5/r+LeSDH7NqT0fbEQ
 MNlcmVvkhpyHeCTJrktkRG79rx7+BuJbeV8aBogrPdkY2JbBpiwMBklN576wasGY
 xHrb6U4JLK8Ho510cdGJawOwAcRktBmdhz5OmrY/nkjyaJbI7FbZXg+3uk8JkHKG
 Okoqmg2CVbK6U80X1KNIuZKFOdYYJniuSmXUD0AW6yCEOm8P5p8aF0KAn2SbHhP8
 jXAbuOVtnM9kcqYuIYyYiPw40AkN80O9zsymvhdfaWEu1cpW/89CWQoz7LW+VR4l
 fXh+6nYLAQb+PX/1HlnAh2Mv/osKADwMudSpJJ95OjXzwxIJe5BDz2Jz/g+TeKYQ
 ==
X-ME-Sender: <xms:BaxwYMDD1a6e_y6Zq_gSZhuHxAWUtaBWF4QFRoF8c317mOxMmnUqIw>
 <xme:BaxwYOj02Ls3SC--Pps8v7tVi0o2LpSTt92CJr3aEf9thuzMUkTN0ErZdfeScdPsJ
 T7-FBh5wxe7Rr9UTg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrudekuddgudegvdcutefuodetggdotefrod
 ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
 necuuegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffukfhfgggtuggjsehgtd
 erredttddunecuhfhrohhmpefnvghoucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhl
 rghrihdrnhgrmhgvqeenucggtffrrghtthgvrhhnpeduhfffveehtdfgjeevleefueekhf
 dtvdffteegueeigfevvdekfeeijeffgfffleenucfkphepuddttddruddurdduieelrddu
 udeknecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheplh
 gvohesfhgrmhhulhgrrhhirdhnrghmvg
X-ME-Proxy: <xmx:BaxwYPkOqdRV1BqjcCl_NurJZlPbK69r1r34GHbCdOe_fIYlCJ4Tvg>
 <xmx:BaxwYCyC3m9p188wY5RI00UMAYirHSocBTtpPl589lYamh5-_tl_UQ>
 <xmx:BaxwYBS5hO8OXns8qBGS0tL6azddX1t72gihopYwvI3dsH3ZB1nEhg>
 <xmx:BaxwYMPcX-SRroUCzYsG5hRMizK3OnZFDvQ1IvVTJyRV6hgtoi4WQA>
Received: from localhost (pool-100-11-169-118.phlapa.fios.verizon.net
 [100.11.169.118])
 by mail.messagingengine.com (Postfix) with ESMTPA id 36592240054;
 Fri,  9 Apr 2021 15:33:25 -0400 (EDT)
Date: Fri, 9 Apr 2021 15:33:22 -0400
From: Leo Famulari <leo@famulari.name>
To: =?iso-8859-1?Q?Nicol=F2?= Balzarotti <anothersms@gmail.com>
Subject: Re: bug#47674: dnsmasq is vulnerable to CVE-2021-3448
Message-ID: <YHCsAioNoPoTh5EH@jasmine.lan>
References: <87pmz3mr2k.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="z4P2ohRx+psNzaCQ"
Content-Disposition: inline
In-Reply-To: <87pmz3mr2k.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 47674
Cc: 47674@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.7 (-)


--z4P2ohRx+psNzaCQ
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Apr 09, 2021 at 05:10:43PM +0200, Nicol=F2 Balzarotti wrote:
> CVE-2021-3448
>=20
> A flaw was found in dnsmasq in versions before 2.85. When configured to
> use a specific server for a given network interface, dnsmasq uses a
> fixed port while forwarding queries. An attacker on the network, able to
> find the outgoing port used by dnsmasq, only needs to guess the random
> transmission ID to forge a reply and get it accepted by dnsmasq. This
> flaw makes a DNS Cache Poisoning attack much easier. The highest threat
> from this vulnerability is to data integrity.
>=20
> guix ships dnsmasq@2.84. guix refresh shows version 2.85 is available,
> and there are 43 dependent packages so this can go directly to master.
>=20
> All dependent packages (refresh -l) build fine except for
> python2-libvirt@7.2.0, which is failing also on master
> (libvirt-python requires Python >=3D 3.5 to build).  Since it's a python2
> package and no other packages depends on it, can we just drop it?

Yes, sounds good.

--z4P2ohRx+psNzaCQ
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAmBwrAIACgkQJkb6MLrK
fwhojxAAo4Fh1COO5Q0PhKkgXu3xELiU1524x6yweg5Rqseuob6V7HrpuljmcsfO
XFMPq2wMVghq6w6FcQDWxPblMkj3hRBquLnB1QZS0A/60RusX2gXQtg/DF+fkpIH
IVLndXxS3npMp3Lo/06xls8WYCSVYCTP6CH5gS11wqaLK18a7nV1nxAsreHODUzs
nLrLaArKcTouxe4rOsZWvD12dlePS45qBgKvMuwU/5W+jmHv60i8ExKUREs3LGux
wAskCd0FZVtdIQpnD/e/NAboSgscqELnhehI0rMcGNrGIGQl+UIIGQ37iRL9e25f
kDb2QC3x+R0oayQow0/x35dUNVSuKz9fIosrhrQvnWkeEHUVFteAZC1V7f7XJloo
FnbC6rGb9Ch7+td1YHXdl7XX0xBNwo4SFdvbwAKQK4kjjxTiqNe5BS4BoaQGtxE+
5X/LZMkI/ob56pyfVdmpRTd9G8VwjoccpESasmJx9xDWetfv1JSi9a5jZ9ulGu2l
LBkVmhyVK4v3+Cu4AjWSTG0vDozH/4GgIZx5H9FH0QgEYqqktRx/d6WkFLyuk4Is
CAbrnToJVek6q3y163XMivF9cSsxAGtBN+NnKshtvOoKL+qXWRe2JZ96LoayIGNd
rdSTcrn7AiF0uUuTyTfz+JoWqFS+YWLdrkrpIX1Jz9lH8bzzbXA=
=Oiqy
-----END PGP SIGNATURE-----

--z4P2ohRx+psNzaCQ--




From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 09 15:34:43 2021
Received: (at 47674-done) by debbugs.gnu.org; 9 Apr 2021 19:34:43 +0000
Received: from localhost ([127.0.0.1]:50963 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lUwtu-0007XE-PT
	for submit@debbugs.gnu.org; Fri, 09 Apr 2021 15:34:42 -0400
Received: from out5-smtp.messagingengine.com ([66.111.4.29]:51537)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1lUwtt-0007X0-4L
 for 47674-done@debbugs.gnu.org; Fri, 09 Apr 2021 15:34:41 -0400
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
 by mailout.nyi.internal (Postfix) with ESMTP id 09F1E5C010B;
 Fri,  9 Apr 2021 15:34:36 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute3.internal (MEProxy); Fri, 09 Apr 2021 15:34:36 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-type:content-transfer-encoding:in-reply-to; s=mesmtp;
 bh=1eeeoAe/nxUqMw/kF8Z7xWlWTT2P4dol6zHDK3kmJ9U=; b=o5OaLYGoqdhC
 GEadqoqvrgSi/s6/E9RIOgho6uqe/VGhTIMLqdj0TKAG5b8/uo682y8uSCAj4Muy
 7c/eqikJnvd+UhVA8Xn3uwMYWwkCutdSTXb83JgaV4k3SVavkM3MLTm/UpkCtC7E
 Sr2Yb9fCftocSNvCL8tidiOuxg1Kz4k=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-transfer-encoding:content-type
 :date:from:in-reply-to:message-id:mime-version:references
 :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
 :x-sasl-enc; s=fm2; bh=1eeeoAe/nxUqMw/kF8Z7xWlWTT2P4dol6zHDK3kmJ
 9U=; b=QYSVFMWzOSrJoG5XuMarpTA2JRKzQuJ6VFiyoIIOmyZrJvB8uMXikrRXU
 OknrukWZshqq8bU/yz5dzIgv4n4gLHDYiQXPBwSu7shZRRqVMOrHCt/9zzirrXYm
 E2voB7ghMqoRen7yfiTStcBnIsdbuO5SpRdOi+rKyb5uZhf2CwhzlsfvROZ64r20
 Ad+duIqm4faVPfkrAUIDqQTii521Er4WxgHQLL1iu26cYlp8bvfmI9v7+l0uSyDE
 aq6xZSqb0j4H3oNlU3LZ+iOW2vssOaNq+FRUUHAI4o14+Sssdu+NQLysGCTz9Npt
 8uO22f6sU+o2LLw818xnqtWU9gN9w==
X-ME-Sender: <xms:S6xwYBcuU7qaUhK1CCGB90Xqu4vPw1vHu1zc1QgUMI7fCCpPJS0exQ>
 <xme:S6xwYFPBCVm3h5VruLN3Twt2iq9BoEmLeAYgO3ap7PRU-9PBQg2gLUsVpiP3gS0SY
 ZMLy_jrBNl9qQ0hAw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrudekuddgudegvdcutefuodetggdotefrod
 ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
 necuuegrihhlohhuthemuceftddtnecufghrlhcuvffnffculddvfedmnecujfgurhepff
 fhvffukfhfgggtugfgjgesthekredttddtudenucfhrhhomhepnfgvohcuhfgrmhhulhgr
 rhhiuceolhgvohesfhgrmhhulhgrrhhirdhnrghmvgeqnecuggftrfgrthhtvghrnhepue
 eugedugfdvgfevuedvleduleefjefhgefgjeetgfegkedukefhvdefleejhefgnecukfhp
 pedutddtrdduuddrudeiledruddukeenucevlhhushhtvghrufhiiigvpedtnecurfgrrh
 grmhepmhgrihhlfhhrohhmpehlvghosehfrghmuhhlrghrihdrnhgrmhgv
X-ME-Proxy: <xmx:S6xwYFVLHHM0i6drD8nsSY10j7duSqv9VasCW5MDUFt9yAg3flt-2w>
 <xmx:S6xwYNyBiFndi1OyKytPZ-sw2oF4NMdFeQqi-RmnjDRE8R-gB4ooTQ>
 <xmx:S6xwYM-0FcxwT1Iszqa-yRkFETqom4c6Ed1wEi1RDAjnykCsdIUkWQ>
 <xmx:TKxwYLOITVt_ru1-xNKvEiKtYYGOYWQSHgIN6bnfBZV14CpooU3YrA>
Received: from localhost (pool-100-11-169-118.phlapa.fios.verizon.net
 [100.11.169.118])
 by mail.messagingengine.com (Postfix) with ESMTPA id D1FAD240057;
 Fri,  9 Apr 2021 15:34:35 -0400 (EDT)
Date: Fri, 9 Apr 2021 15:34:34 -0400
From: Leo Famulari <leo@famulari.name>
To: =?iso-8859-1?Q?Nicol=F2?= Balzarotti <anothersms@gmail.com>
Subject: Re: bug#47674: dnsmasq is vulnerable to CVE-2021-3448
Message-ID: <YHCsSh9+7Uqdq0VU@jasmine.lan>
References: <87pmz3mr2k.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <87pmz3mr2k.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  On Fri, Apr 09, 2021 at 05:10:43PM +0200, Nicoḷ Balzarotti
    wrote: > From a0932442c6c72d1e1a2a0f400f8afa487251189d Mon Sep 17 00:00:00
    2001 > From: nixo <nicolo@nixo.xyz> > Date: Fri, 9 Apr 2021 16:19 [...] 
 
 Content analysis details:   (1.3 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.7 RCVD_IN_DNSWL_LOW      RBL: Sender listed at https://www.dnswl.org/,
                             low trust
                             [66.111.4.29 listed in list.dnswl.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
  2.0 PDS_OTHER_BAD_TLD      Untrustworthy TLDs
                             [URI: nixo.xyz (xyz)]
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
X-Debbugs-Envelope-To: 47674-done
Cc: 47674-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 0.3 (/)

On Fri, Apr 09, 2021 at 05:10:43PM +0200, Nicoḷ Balzarotti wrote:
> From a0932442c6c72d1e1a2a0f400f8afa487251189d Mon Sep 17 00:00:00 2001
> From: nixo <nicolo@nixo.xyz>
> Date: Fri, 9 Apr 2021 16:19:03 +0200
> Subject: [PATCH] gnu: dnsmasq: Update to 2.85.
> 
> * gnu/packages/dns.scm (dnsmasq): Update to 2.85.

Looks like this change was already done with commit
c8d809f9a49c2b4ec5500c2685e96168dcd9afa9




From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 09 15:38:14 2021
Received: (at 47674) by debbugs.gnu.org; 9 Apr 2021 19:38:14 +0000
Received: from localhost ([127.0.0.1]:50972 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lUwxK-0007du-8a
	for submit@debbugs.gnu.org; Fri, 09 Apr 2021 15:38:14 -0400
Received: from out5-smtp.messagingengine.com ([66.111.4.29]:57209)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1lUwxI-0007dg-Sz
 for 47674@debbugs.gnu.org; Fri, 09 Apr 2021 15:38:13 -0400
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
 by mailout.nyi.internal (Postfix) with ESMTP id 98F4B5C00F7;
 Fri,  9 Apr 2021 15:38:07 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute3.internal (MEProxy); Fri, 09 Apr 2021 15:38:07 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-type:content-transfer-encoding:in-reply-to; s=mesmtp;
 bh=WGH/JEek1bbG5fJm8qdxHZAwyi1WH12h4GvJtJI6Ppc=; b=QHx4cWDb9JiF
 i4IyQGJw34bz+Bmd+T9dOdlxD/5L9EHaz1UAKsYRAXQGBW9/MNJZd6/Zv0L3oo99
 v3bzSkpzs3MO8TTI3aUO3sILRlAZEMQajF9B1tGmNc9JSNI/+GXNDj3f/fOnnaXR
 1w7ZYKk3Tw0jzttOt+SDwTiWTPg2iII=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-transfer-encoding:content-type
 :date:from:in-reply-to:message-id:mime-version:references
 :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
 :x-sasl-enc; s=fm2; bh=WGH/JEek1bbG5fJm8qdxHZAwyi1WH12h4GvJtJI6P
 pc=; b=QrRktn8FhFPvCxd5xgQAx7OXUaDugNzbJ7h7pHg+Wun0syHoO2FxsYAWU
 bBf0bsLsmYXqsTVK2kygulQIo71Vu16dzX2xgjYhyuHNou2Fv43CcrcmPJVUzvo1
 P4Aht1aDRtes1LU0WPvZNpBKRc1sWLucrc4geZXaH55nqF0KlaMz62AgXOYKKpoT
 TB7IilJrpgjqvh4a8rcohYu+YKTjooXCemkQ9uX+IuBK1bCBM+QY0jQPxPl4TgI6
 6LKqCx8C8yWHrs5BJiWx77php9nMvyye3yao3PgFVr5keHHX17Z47ouBhqp6hRh4
 7+ggPIpoZDeKlEjSJ2aIkQQDkffWA==
X-ME-Sender: <xms:H61wYE2GEaORELZojFkQLNWM44ZJXsxwLN7Y0I1hcxwaC0yVQfsC6Q>
 <xme:H61wYPF4EQqg85g2Q7gZcRlwazG97S8qRN5_H-tGe4UQI9PNxmUwZTa9zyuA1KIF8
 j5kYpMeD4zc2vGhvQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrudekuddgudegfecutefuodetggdotefrod
 ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
 necuuegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffukfhfgggtugfgjgesth
 ekredttddtudenucfhrhhomhepnfgvohcuhfgrmhhulhgrrhhiuceolhgvohesfhgrmhhu
 lhgrrhhirdhnrghmvgeqnecuggftrfgrthhtvghrnhepgeeileetueeuudejheefhfdtud
 fgfeefheeutdeuveefhffhffffgfevieeludfhnecuffhomhgrihhnpehgnhhurdhorhhg
 necukfhppedutddtrdduuddrudeiledruddukeenucevlhhushhtvghrufhiiigvpedtne
 curfgrrhgrmhepmhgrihhlfhhrohhmpehlvghosehfrghmuhhlrghrihdrnhgrmhgv
X-ME-Proxy: <xmx:H61wYM5cpW-F9MjyWIfB4kPTgu0NOwm7nyquNcrX0Akyzo75qGGSaw>
 <xmx:H61wYN0DlZH4yjPvNd5728BXX-UUi1MKPqD3-4hEqbp9bB3Rhhv0_g>
 <xmx:H61wYHH36k9EhawJb6pBoyPMuEpeaYvFZEk8ypzWBPodFIHEeUNNgg>
 <xmx:H61wYOx4979iIY7hwW4ghPpe62c1iWsSFjB3pbPFKYJ2bIj9AMscWg>
Received: from localhost (pool-100-11-169-118.phlapa.fios.verizon.net
 [100.11.169.118])
 by mail.messagingengine.com (Postfix) with ESMTPA id 39F37240057;
 Fri,  9 Apr 2021 15:38:07 -0400 (EDT)
Date: Fri, 9 Apr 2021 15:38:05 -0400
From: Leo Famulari <leo@famulari.name>
To: =?iso-8859-1?Q?Nicol=F2?= Balzarotti <anothersms@gmail.com>
Subject: Re: bug#47674: dnsmasq is vulnerable to CVE-2021-3448
Message-ID: <YHCtHf4Pa4ER9N7j@jasmine.lan>
References: <87pmz3mr2k.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <87pmz3mr2k.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 47674
Cc: 47674@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

On Fri, Apr 09, 2021 at 05:10:43PM +0200, Nicoḷ Balzarotti wrote:
> All dependent packages (refresh -l) build fine except for
> python2-libvirt@7.2.0, which is failing also on master
> (libvirt-python requires Python >= 3.5 to build).  Since it's a python2
> package and no other packages depends on it, can we just drop it?

I notice that python2-libvirt builds okay on staging:

https://ci.guix.gnu.org/search?query=python2-libvirt&border-high-id=134835




From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 09 15:47:22 2021
Received: (at 47674) by debbugs.gnu.org; 9 Apr 2021 19:47:22 +0000
Received: from localhost ([127.0.0.1]:50985 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lUx6A-0001O7-CS
	for submit@debbugs.gnu.org; Fri, 09 Apr 2021 15:47:22 -0400
Received: from mail-wm1-f49.google.com ([209.85.128.49]:53919)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <anothersms@gmail.com>) id 1lUx68-0001IC-N2
 for 47674@debbugs.gnu.org; Fri, 09 Apr 2021 15:47:21 -0400
Received: by mail-wm1-f49.google.com with SMTP id p22so3481471wmc.3
 for <47674@debbugs.gnu.org>; Fri, 09 Apr 2021 12:47:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:in-reply-to:references:date:message-id
 :mime-version:content-transfer-encoding;
 bh=4XWGa0LHrkm0pD5rOk7y6AYPANszi6whEE5/NbmkrWk=;
 b=nuHeYcTWerQdkMd676FNy+itK6++t+muqQqfv7Px9Y8buO67g+QfWuG11xsgCEB6ay
 2PVXZBv58fSZm3fnSlbVJ332Wso0I+I+6DWqBf6cmfaAtu+/QTKJB9df/zL/9GON2S/H
 zj7uwD+Pq4Kl+0jhQcAbItK67RcVeBAgGjI7ay26VGQi9q643inBDu5O0e0/MCvIhC4e
 VUcKp3XlkzFI7iGmQvvktrWRGHeylPVmV5bHxOxwEA7c4Is2BHjydy8xWevTRmhfxhBC
 vvDQxDclYo+iNxZ+1yYGwOtSRRwg6JYPktuHWd2GipuUahDP50bGgC+hv1V1YO+9u7FX
 9S0g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:in-reply-to:references:date
 :message-id:mime-version:content-transfer-encoding;
 bh=4XWGa0LHrkm0pD5rOk7y6AYPANszi6whEE5/NbmkrWk=;
 b=iOcOiqBqqn6coswBgYw8DTM/v/jNo4HdADPOjUzMnD/XKHPNF6jd/obOByM9bbZaza
 7D0EENA2uwuhipfN89iyMndxEs7ApL+D8B6Zo/GwfNd9VXilIChuGIp74IxVPf8f52Qw
 9M++ijrDzaWHT28NkilFv2xx3xOZS6pfcF6WhcxrXbQytVz+a9LFtXdxYlTawckpunxQ
 JKAXu5sHL85BSocdHIBSDKLCqGcGlvOEZu34X9CSmFfbO2vUfbyFOl4f7lGVhl1bA9sH
 +GMFsUl8Yn4+VdiR/wKiZe2E5QVSrSu0lfMcIEaTKleMGeI+5v1GScQ1/W91ofxDrG9t
 mRCA==
X-Gm-Message-State: AOAM531lmbix72mM1YIAdjcIsy8AWqFX56OhvLlcsWMdNrEJrJS/rRTM
 SYkM9po6lZAVNUlJbgF+0qF80KHl6EA=
X-Google-Smtp-Source: ABdhPJwmSgREYi5YZGvSsgVHKMV2rindc2aVtwzAQJBzCN4W4d7qc4NaqTqYyRpztgT74B2CGs3d7g==
X-Received: by 2002:a05:600c:924:: with SMTP id
 m36mr4093878wmp.87.1617997634693; 
 Fri, 09 Apr 2021 12:47:14 -0700 (PDT)
Received: from guixSD (host-79-17-142-89.retail.telecomitalia.it.
 [79.17.142.89])
 by smtp.gmail.com with ESMTPSA id k7sm6298141wrw.64.2021.04.09.12.47.13
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 09 Apr 2021 12:47:14 -0700 (PDT)
From: =?utf-8?Q?Nicol=C3=B2?= Balzarotti <anothersms@gmail.com>
To: Leo Famulari <leo@famulari.name>
Subject: Re: bug#47674: dnsmasq is vulnerable to CVE-2021-3448
In-Reply-To: <YHCtHf4Pa4ER9N7j@jasmine.lan>
References: <87pmz3mr2k.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
 <YHCtHf4Pa4ER9N7j@jasmine.lan>
Date: Fri, 09 Apr 2021 21:47:13 +0200
Message-ID: <87h7kfme9q.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 47674
Cc: 47674@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Leo Famulari <leo@famulari.name> writes:

> On Fri, Apr 09, 2021 at 05:10:43PM +0200, Nicol=C3=B2 Balzarotti wrote:
>> All dependent packages (refresh -l) build fine except for
>> python2-libvirt@7.2.0, which is failing also on master
>> (libvirt-python requires Python >=3D 3.5 to build).  Since it's a python2
>> package and no other packages depends on it, can we just drop it?
>
> I notice that python2-libvirt builds okay on staging:
>
> https://ci.guix.gnu.org/search?query=3Dpython2-libvirt&border-high-id=3D1=
34835

Staging has an older version (5.8 vs 7.2, which has been released in
november 2019 [fn:1] though), and it got updated a few days ago
(28cc447fc5bd0a219ad54836a343826cc34d9bd7) if I'm not wrong, so it should
fail on staging too.  Am I wrong?


[fn:1] https://pypi.org/project/libvirt-python/#history




From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 09 16:07:17 2021
Received: (at 47674) by debbugs.gnu.org; 9 Apr 2021 20:07:17 +0000
Received: from localhost ([127.0.0.1]:51009 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lUxPR-00025e-70
	for submit@debbugs.gnu.org; Fri, 09 Apr 2021 16:07:17 -0400
Received: from out5-smtp.messagingengine.com ([66.111.4.29]:53667)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1lUxPO-00025O-Fu
 for 47674@debbugs.gnu.org; Fri, 09 Apr 2021 16:07:15 -0400
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
 by mailout.nyi.internal (Postfix) with ESMTP id 269BE5C00B6;
 Fri,  9 Apr 2021 16:07:09 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
 by compute3.internal (MEProxy); Fri, 09 Apr 2021 16:07:09 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-type:content-transfer-encoding:in-reply-to; s=mesmtp;
 bh=CconW5blCxK50dtXnN2qyyGMrSO3f+LzGRoe78sDtp4=; b=JOfIl5tNtVgS
 TSGo4vp00JEfWBh3RygCmf6KGVQERnrCzTb9oUrIH4/5a0EcUwR9Vqpxz/anvQNy
 LtKAcHtZB6akv9SHHLemScQ/E4/r46w9A1JaAaBNDLDcLBNOjZjWruVNDPGm0/PL
 AwXj1RkEWuF0X7GjnOqWvDUda3Ba3Os=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-transfer-encoding:content-type
 :date:from:in-reply-to:message-id:mime-version:references
 :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
 :x-sasl-enc; s=fm2; bh=CconW5blCxK50dtXnN2qyyGMrSO3f+LzGRoe78sDt
 p4=; b=LIS+IFY6g0L4Zqnn2kA6zdXHDfftaVheC4bRe+2VRDH8/HnYLb/QrMbEV
 xw7URBGL+tpQDL/e8jmKeUh7JmLqHPyJBJzSwjaKPEcex+PmTkZW5pHX7WEXXfFE
 dImoQAyoVNtK9BstriE+QXpfk1KHz2gFnn4CaQwlCZRCCtGR0iRxbSpntyeV5NT2
 cd7j3NmfOQb0wFv+edkr9byunMXdGLmOKXHCB7PLMds9G/B8qdbeHbCHhaWByfq1
 uRUSgCiZCLDRbL8L2zYmP5rvI1i5h1lFJhJhbOO+FJAwe1yhUBuFGs6knpecnu09
 3CvB1R7lt7BWBGz4b6xVNLUlu3dPw==
X-ME-Sender: <xms:7LNwYNGrvmz80OswzzDibNrEf9XvsoimSjfS2WdeZFLk-aWdAja4YQ>
 <xme:7LNwYCUKL4appUKojRphZ5TagDVGX3m-Xh31Zi51Gz4pDV0WUnkeaKFaSys_-CGFs
 -PaCR5fGBBFjTYYsw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrudekuddgudeglecutefuodetggdotefrod
 ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
 necuuegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffukfhfgggtugfgjgesth
 ekredttddtudenucfhrhhomhepnfgvohcuhfgrmhhulhgrrhhiuceolhgvohesfhgrmhhu
 lhgrrhhirdhnrghmvgeqnecuggftrfgrthhtvghrnhepueeugedugfdvgfevuedvledule
 efjefhgefgjeetgfegkedukefhvdefleejhefgnecukfhppedutddtrdduuddrudeiledr
 uddukeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpe
 hlvghosehfrghmuhhlrghrihdrnhgrmhgv
X-ME-Proxy: <xmx:7LNwYPLnoMxxMkZbQpWiKZRouY42K2JxSIQalhxC8fhNdaTi2x-txA>
 <xmx:7LNwYDGa4aSsykLF23_CffPmMeHqXm_KOtjNnz5NP7fwTrElK-Z7-A>
 <xmx:7LNwYDVxBsQ4C__TjwJF9HFK8fPLu710WFg1nHCLX4yqMWKDZniNcw>
 <xmx:7bNwYKB8emU2wABBt8s4tVdigTARHv78KPd6avxfPSAiWojqDJHmjA>
Received: from localhost (pool-100-11-169-118.phlapa.fios.verizon.net
 [100.11.169.118])
 by mail.messagingengine.com (Postfix) with ESMTPA id C67981080063;
 Fri,  9 Apr 2021 16:07:08 -0400 (EDT)
Date: Fri, 9 Apr 2021 16:07:07 -0400
From: Leo Famulari <leo@famulari.name>
To: =?iso-8859-1?Q?Nicol=F2?= Balzarotti <anothersms@gmail.com>
Subject: Re: bug#47674: dnsmasq is vulnerable to CVE-2021-3448
Message-ID: <YHCz69IMc+4ESoa0@jasmine.lan>
References: <87pmz3mr2k.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
 <YHCtHf4Pa4ER9N7j@jasmine.lan>
 <87h7kfme9q.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <87h7kfme9q.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 47674
Cc: 47674@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

On Fri, Apr 09, 2021 at 09:47:13PM +0200, Nicoḷ Balzarotti wrote:
> Staging has an older version (5.8 vs 7.2, which has been released in
> november 2019 [fn:1] though), and it got updated a few days ago
> (28cc447fc5bd0a219ad54836a343826cc34d9bd7) if I'm not wrong, so it should
> fail on staging too.  Am I wrong?

Ah, could be. The new staging builds haven't been performed yet.




From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 10 17:39:48 2021
Received: (at 47674) by debbugs.gnu.org; 10 Apr 2021 21:39:48 +0000
Received: from localhost ([127.0.0.1]:53471 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lVLKV-0003uq-Uy
	for submit@debbugs.gnu.org; Sat, 10 Apr 2021 17:39:48 -0400
Received: from mail-wm1-f51.google.com ([209.85.128.51]:47099)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <anothersms@gmail.com>) id 1lVLKT-0003uc-II
 for 47674@debbugs.gnu.org; Sat, 10 Apr 2021 17:39:46 -0400
Received: by mail-wm1-f51.google.com with SMTP id
 z24-20020a1cf4180000b029012463a9027fso4740504wma.5
 for <47674@debbugs.gnu.org>; Sat, 10 Apr 2021 14:39:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:in-reply-to:references:date:message-id
 :mime-version:content-transfer-encoding;
 bh=W3ndo3pjtixN3EsOH55IKJeV56XEaQ4HHJ+uPdI3cHU=;
 b=T/Zk9IYausPSrGI/b58VfgZxY8YXfyDbIzOS+36J/bjWDZI1aGVgdaNmownra3U9vk
 tG87YTLRKFi0YSClGwgHuAPjTlTi3Le9e+QOk3VH4lOWFB8lW9JqMdmwPWaXihVUUZWY
 dOIEo2vBccHnT2AYhgnjpC8fA03et9btFmMP9Z/I0iMMi1j4HOZ0zsDBKvol39cXoYPH
 g8Z8RDSxV+sKwrc33bCAWBoq84yTEhRyQ6+IDsCBHia3zt65Ph/SnMQ+fSIHGU9c5wxR
 bJql92Hds+EUgVv3wZp96YvVrUiKmDWsgskZ1HgG1x5OpEVlXwaxD9aqXQYw27drLFAB
 wRhw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:in-reply-to:references:date
 :message-id:mime-version:content-transfer-encoding;
 bh=W3ndo3pjtixN3EsOH55IKJeV56XEaQ4HHJ+uPdI3cHU=;
 b=G/wuJJyiFUbDkpWzlghAkwn2GuMtE1/cCpXSSla/p7oL5dlq+/X4DuqAUCAads8OPH
 6PCKG4uq3wZLgaJJr11UgwycZbyGOddIDFt7163F9ywL36AtR6kGZdc8G1EjKjs0oXl7
 VykAnFp4mhr2Qw5Deaj0D4KdwGWkvyC+VKTEmx67ZDdLpJ/prB9WzqYPVph6Aanbg4/+
 NwKmSPlL/NfP7IeodyVSKDeOzHMe0feSFz5KkYsEGEXM+MqTo+9HRuEqcz4Qsr2/iFlc
 MwxQTmDpGPV0RnzxDAQ6oaT+xMFply+elBVV0qcfjPnrKhwvPPuEdmvGPWh4zHHxz8/c
 r8Cg==
X-Gm-Message-State: AOAM533L4Kb0oOfAUc5+G6lv1C7QOSLeX1SAAl6uaG9II7y+5yJBVbFk
 5t95wk7wMwjzZDPFPz/5k46eHs1g75U=
X-Google-Smtp-Source: ABdhPJz5ntNAh4+XdN9/NuRp80xuTJkWKJ3LIIFgkDPtMH2esiOY+qmu2/Yf+T/hrguFVhdvYxTM/g==
X-Received: by 2002:a05:600c:1992:: with SMTP id
 t18mr19136624wmq.125.1618090779681; 
 Sat, 10 Apr 2021 14:39:39 -0700 (PDT)
Received: from guixSD (host-79-17-142-89.retail.telecomitalia.it.
 [79.17.142.89])
 by smtp.gmail.com with ESMTPSA id w7sm11171577wru.74.2021.04.10.14.39.38
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 10 Apr 2021 14:39:39 -0700 (PDT)
From: =?utf-8?Q?Nicol=C3=B2?= Balzarotti <anothersms@gmail.com>
To: Leo Famulari <leo@famulari.name>
Subject: Re: bug#47674: dnsmasq is vulnerable to CVE-2021-3448
In-Reply-To: <YHCz69IMc+4ESoa0@jasmine.lan>
References: <87pmz3mr2k.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
 <YHCtHf4Pa4ER9N7j@jasmine.lan>
 <87h7kfme9q.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
 <YHCz69IMc+4ESoa0@jasmine.lan>
Date: Sat, 10 Apr 2021 23:39:37 +0200
Message-ID: <87eefh3jl2.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 47674
Cc: 47674@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Leo Famulari <leo@famulari.name> writes:

> On Fri, Apr 09, 2021 at 09:47:13PM +0200, Nicol=C3=B2 Balzarotti wrote:
>> Staging has an older version (5.8 vs 7.2, which has been released in
>> november 2019 [fn:1] though), and it got updated a few days ago
>> (28cc447fc5bd0a219ad54836a343826cc34d9bd7) if I'm not wrong, so it should
>> fail on staging too.  Am I wrong?
>
> Ah, could be. The new staging builds haven't been performed yet.
Failed both i686 and x86_64 on staging




From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 10 18:05:17 2021
Received: (at 47674) by debbugs.gnu.org; 10 Apr 2021 22:05:17 +0000
Received: from localhost ([127.0.0.1]:53493 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lVLjA-0004Ws-PH
	for submit@debbugs.gnu.org; Sat, 10 Apr 2021 18:05:17 -0400
Received: from out4-smtp.messagingengine.com ([66.111.4.28]:35785)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1lVLj7-0004Wa-Rn
 for 47674@debbugs.gnu.org; Sat, 10 Apr 2021 18:05:15 -0400
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
 by mailout.nyi.internal (Postfix) with ESMTP id 894C15C012E;
 Sat, 10 Apr 2021 18:05:08 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute3.internal (MEProxy); Sat, 10 Apr 2021 18:05:08 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-type:content-transfer-encoding:in-reply-to; s=mesmtp;
 bh=p1/vDQN9G3z2iqZy25w8OfKMpdoJ12Jb30rFQJVswZE=; b=kfp/t8xwRe8m
 nYFreajOkhn7iKByQEaUyFl06b4lLobByqqUZr5Ev0TiDT0BRSWaN7o2wxb01cem
 Fb/69YmFembNaqZoKxMQkewPJ3iTBIhQoRzjHqTp9cJqhsONf8qIvM+qZ4NBFRYY
 zincSwF/HT+XuGTpXQ7sK14YjG+m0Ys=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-transfer-encoding:content-type
 :date:from:in-reply-to:message-id:mime-version:references
 :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
 :x-sasl-enc; s=fm2; bh=p1/vDQN9G3z2iqZy25w8OfKMpdoJ12Jb30rFQJVsw
 ZE=; b=cBtJm+OLRNYoPC8Hzx+ufdub2OoL87GublcvOhlmJdInJt7X8FMqukdvt
 SHY2rosnLVnFTdxiZWqYXoPRKgiDDkeiEk9rRr75CiwD+BozZrZVZ9VFCgdU3Owx
 MRgkkA00ZEePfDzmD14S2jL/rq7nlZroDR/kYEnJHW+YP7t4fAtBUbPpt81m+sml
 uBqRnygPfZyV8sU0neq+ECiEJyr4EFYhk1ev790Pc33lGeidgTeWIvyn5IvXwD3R
 XdfYDjQPqDTyn9YgvXqwc9U475n2hwVlhQu22VY98bDYf31tzEeijGTjfijPZibU
 DfK5vjqwbQWzzNRxQwz5mi7aILktA==
X-ME-Sender: <xms:FCFyYERaNUMFofBvKkEaxqJiL5HxRSS5gQYksP5srAOtaEJHkacn6Q>
 <xme:FCFyYByjdgMMWA3jQGUB4fC_YcVsrkQ5nxwc3n0hZFcf_JaYKTb0i9fRB0Za8Y0KQ
 xiDNnEak97-eix6wg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrudekgedgtdefucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkfhggtggugfgjsehtke
 ertddttddunecuhfhrohhmpefnvghoucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhl
 rghrihdrnhgrmhgvqeenucggtffrrghtthgvrhhnpeeuueegudfgvdfgveeuvdeludelfe
 ejhfeggfejtefggeekudekhfdvfeeljeehgfenucfkphepuddttddruddurdduieelrddu
 udeknecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheplh
 gvohesfhgrmhhulhgrrhhirdhnrghmvg
X-ME-Proxy: <xmx:FCFyYB3zPq26Z2u27KllkRBWgjvN-cquezS-OrXFffigjIiQtgscyQ>
 <xmx:FCFyYID92NtDNej9_dgyPTqTzaUA51uQ_4ukY92hL5akNOaoHINW4w>
 <xmx:FCFyYNizaH0a1ct582LuVPuaixlNnYDcuuWY9UHwzAYYX3qntnVmCg>
 <xmx:FCFyYHedaYiDwp6RtCj1ztRx4jFsH1FqJ8qe7xv4NiLTdILpMx_UIw>
Received: from localhost (pool-100-11-169-118.phlapa.fios.verizon.net
 [100.11.169.118])
 by mail.messagingengine.com (Postfix) with ESMTPA id 295F324005A;
 Sat, 10 Apr 2021 18:05:08 -0400 (EDT)
Date: Sat, 10 Apr 2021 18:05:06 -0400
From: Leo Famulari <leo@famulari.name>
To: =?iso-8859-1?Q?Nicol=F2?= Balzarotti <anothersms@gmail.com>
Subject: Re: bug#47674: dnsmasq is vulnerable to CVE-2021-3448
Message-ID: <YHIhEnD1mWwtlLn8@jasmine.lan>
References: <87pmz3mr2k.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
 <YHCtHf4Pa4ER9N7j@jasmine.lan>
 <87h7kfme9q.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
 <YHCz69IMc+4ESoa0@jasmine.lan>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <YHCz69IMc+4ESoa0@jasmine.lan>
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 47674
Cc: 47674@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

On Fri, Apr 09, 2021 at 04:07:07PM -0400, Leo Famulari wrote:
> On Fri, Apr 09, 2021 at 09:47:13PM +0200, Nicoḷ Balzarotti wrote:
> > Staging has an older version (5.8 vs 7.2, which has been released in
> > november 2019 [fn:1] though), and it got updated a few days ago
> > (28cc447fc5bd0a219ad54836a343826cc34d9bd7) if I'm not wrong, so it should
> > fail on staging too.  Am I wrong?
> 
> Ah, could be. The new staging builds haven't been performed yet.

Thanks for following up. Sure, I think it's fine to remove a package
if it does not build and has no dependents.




From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 10 18:27:55 2021
Received: (at submit) by debbugs.gnu.org; 10 Apr 2021 22:27:55 +0000
Received: from localhost ([127.0.0.1]:53505 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lVM55-00052d-14
	for submit@debbugs.gnu.org; Sat, 10 Apr 2021 18:27:55 -0400
Received: from lists.gnu.org ([209.51.188.17]:46390)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@tobias.gr>) id 1lVM53-00052W-Rv
 for submit@debbugs.gnu.org; Sat, 10 Apr 2021 18:27:54 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:52214)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <me@tobias.gr>) id 1lVM53-0000d4-Lg
 for bug-guix@gnu.org; Sat, 10 Apr 2021 18:27:53 -0400
Received: from tobias.gr ([2a02:c205:2020:6054::1]:37508)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <me@tobias.gr>) id 1lVM51-0002Un-ER
 for bug-guix@gnu.org; Sat, 10 Apr 2021 18:27:53 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tobias.gr; s=2018;
 bh=Qhv2GwV08v+bn9QXt030hmi6rTEPdzpbfcnNzsxs/MA=; h=date:in-reply-to:
 subject:cc:to:from:references; b=gXQ6/QjgOVXK9CG049XLN4gKPgEHuAfK8ZZtj
 GwAm/l6ufUurv/vxu9CT3uQ8NODJAtlTET2rOeBQNKY7c/wTyus03bunYtGmCqzH3QCAwu
 FENge6TbY/l75ATCiKcgK6ARxsmZmfimQOYh7NUh4hSkxRYIFzParjqjv2G/7AhyyLOHQk
 dNnOYB+RxyRb5IUwNLdDnOHf8TV1BgrotZLZadA+gjSpp8G0KMjVMY8GsEbvRVpN3EDGOW
 0EkxrvzNhKsbYVPkcXSSgQNVPrSpDhjrkRg6PPH3ICf+Le5WPMXggMJV30KTTxnpUuKkfH
 V8ciphGdIwKaqeZiVJDrFZjjg==
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 26a1c01e
 (TLSv1.2:ECDHE-ECDSA-AES256-GCM-SHA384:256:NO); 
 Sat, 10 Apr 2021 22:27:48 +0000 (UTC)
References: <87pmz3mr2k.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
From: Tobias Geerinckx-Rice <me@tobias.gr>
To: =?utf-8?Q?Nicol=C3=B2?= Balzarotti <anothersms@gmail.com>
Subject: Re: bug#47674: dnsmasq is vulnerable to CVE-2021-3448
In-reply-to: <87pmz3mr2k.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
BIMI-Selector: v=BIMI1; s=default;
Date: Sun, 11 Apr 2021 00:27:47 +0200
Message-ID: <878s5phj18.fsf@nckx>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
Received-SPF: pass client-ip=2a02:c205:2020:6054::1; envelope-from=me@tobias.gr;
 helo=tobias.gr
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.4 (-)
X-Debbugs-Envelope-To: submit
Cc: bug-guix@gnu.org, 47674@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.4 (--)

--=-=-=
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Nicol=C3=B2,

Nicol=C3=B2 Balzarotti writes:
> gnu/packages/dns.scm (dnsmasq): Update to 2.85.

I see you managed to aim this beautifully between me searching the=20
issue tracker for =E2=80=98dnsmasq=E2=80=99 and me actually pushing an upda=
te, so=20
well done I guess.

(Also: sorry for the duplicated effort, and thanks for keeping an=20
eye on the securities. :-)

Kind regards,

T G-R

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCYHImZA0cbWVAdG9iaWFz
LmdyAAoJEA2w/4hPVW15/lYBAIdy87NnZyCQC3xB6NzcYF8sOQ8H4O1SnVDzr53e
0uhkAQDIYLIyHPJfMuKojir4w4uIJPK392rXg1fpPA4HQKmdBw==
=jkh7
-----END PGP SIGNATURE-----
--=-=-=--




From unknown Fri Jun 20 07:22:09 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Sun, 09 May 2021 11:24:08 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator