oss-sec mailing list archives

Re: Questionable CVE's reported against dnsmasq


From: Salvatore Bonaccorso <carnil () debian org>
Date: Thu, 30 Oct 2025 07:15:01 +0100

Hi,

On Mon, Oct 27, 2025 at 09:40:35PM +0100, Sebastian Pipping wrote:
> Hello Stuart,
>
> On 10/27/25 20:45, Stuart Henderson wrote:
> > On 2025/10/27 19:51, Sebastian Pipping wrote:
> > > Also, fixes without a CVE will not be backported downstream.
> >
> > That depends on the downstream.
>
> I'm happy to learn which downstreams backport security issues
> without a CVE, in practice. Do you have an example or two?

Another very recent example is
https://lists.debian.org/debian-security-announce/2025/msg00200.html

It is about:
https://discuss.tryton.org/t/security-release-for-issue-14290/8895
https://foss.heptapod.net/tryton/tryton/-/issues/14290

While it would be nice that an identifier exists for this issue (has
not yet happened), this was not blocking doing an update.

Regards,
Salvatore

