Diffstat (limited to 'package/network/services/dnsmasq/patches/0112-Add-CVE-numbers-to-security-update-descriptions-in-C.patch')
-rw-r--r-- | package/network/services/dnsmasq/patches/0112-Add-CVE-numbers-to-security-update-descriptions-in-C.patch | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/package/network/services/dnsmasq/patches/0112-Add-CVE-numbers-to-security-update-descriptions-in-C.patch b/package/network/services/dnsmasq/patches/0112-Add-CVE-numbers-to-security-update-descriptions-in-C.patch new file mode 100644 index 0000000000..1d7d3a7dae --- /dev/null +++ b/package/network/services/dnsmasq/patches/0112-Add-CVE-numbers-to-security-update-descriptions-in-C.patch 
@@ -0,0 +1,41 @@ +From e01e09c7125b40646aff4a582672e711a18a69a4 Mon Sep 17 00:00:00 2001 +From: Simon Kelley <simon@thekelleys.org.uk> +Date: Fri, 8 Jan 2021 22:50:03 +0000 +Subject: Add CVE numbers to security update descriptions in CHANGELOG + +--- + CHANGELOG | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -1,16 +1,17 @@ + Fix a remote buffer overflow problem in the DNSSEC code. Any + dnsmasq with DNSSEC compiled in and enabled is vulnerable to this, +- referenced by CERT VU#434904. ++ referenced by CVE-2020-25681, CVE-2020-25682, CVE-2020-25683 ++ CVE-2020-25687. + + Be sure to only accept UDP DNS query replies at the address + from which the query was originated. This keeps as much entropy + in the {query-ID, random-port} tuple as possible, to help defeat +- cache poisoning attacks. Refer: CERT VU#434904. ++ cache poisoning attacks. Refer: CVE-2020-25684. + + Use the SHA-256 hash function to verify that DNS answers + received are for the questions originally asked. This replaces + the slightly insecure SHA-1 (when compiled with DNSSEC) or +- the very insecure CRC32 (otherwise). Refer: CERT VU#434904. ++ the very insecure CRC32 (otherwise). Refer: CVE-2020-25685. + + Handle multiple identical near simultaneous DNS queries better. + Previously, such queries would all be forwarded +@@ -24,7 +25,7 @@ + of the query. The new behaviour detects repeated queries and + merely stores the clients sending repeats so that when the + first query completes, the answer can be sent to all the +- clients who asked. Refer: CERT VU#434904. ++ clients who asked. Refer: CVE-2020-25686. + + + version 2.81 |
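Review bot: In the first CHANGELOG hunk (@@ -1,16 +1,17 @@), the new CVE list has no separator across the line break: "CVE-2020-25683" ends one added line and "CVE-2020-25687." starts the next, so the entry reads as three comma-separated IDs followed by a stray fourth. Add a trailing comma or "and" after CVE-2020-25683. The same hunk also replaces "CERT VU#434904" outright in all three entries; keeping it alongside the CVE numbers (for example "CVE-2020-25684, CERT VU#434904") would let readers who arrive from the CERT note still find the matching entry.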
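Review bot: The new file 0112-Add-CVE-numbers-to-security-update-descriptions-in-C.patch changes only CHANGELOG (its embedded diffstat is "CHANGELOG | 9 +++++----", 1 file changed), so it alters no code in the built dnsmasq binary. If it is carried so that other patches in the series touching CHANGELOG apply without offsets, say so in the commit message; otherwise consider dropping it to keep the patch set limited to functional changes.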