Package "dnsmasq"

  dnsmasq (2.86-1.1ubuntu0.3) jammy-security; urgency=medium

  * SECURITY UPDATE: IP fragmentation
    - src/config.h: update default max EDNS_PKTSZ to 1232 as agreed on
      dnsflagday 2020.
    - man/dnsmasq.8: updating documentation to reflect new default max
      EDNS_PKTSZ.
    - eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5
    - CVE-2023-28450

 -- Ian Constantin <email address hidden> Tue, 18 Apr 2023 11:11:46 +0300

  dnsmasq (2.86-1.1ubuntu0.2) jammy; urgency=medium

  * src/forward.c: Do not refuse retries from client DNS queries. Behaviour to
    stop infinite loops when all servers return REFUSED was wrongly activated
    on client retries, resulting in incorrect REFUSED replies to client
    retries. The code added here is a cherry pick released in upstream version
    2.87, originating at
    https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2561f9fe0eb9c0be
    (LP: #1981794)

 -- Lena Voytek <email address hidden> Fri, 14 Oct 2022 14:39:41 -0700

  dnsmasq (2.86-1.1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Heap use after free
    - debian/patches/CVE-2022-0934.patch: Fix write-after-free error in
      DHCPv6 code in src/rfc3315.c.
    - CVE-2022-0934

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 02 May 2022 12:09:51 -0300