Simon Kelley simon at thekelleys.org.uk Mon May 11 17:18:25 UTC 2026 Previous message (by thread): [Dnsmasq-discuss] Issue with circuit-id matching on dhcp requests Next message (by thread): [Dnsmasq-discuss] Malformed RRSIG Can Crash dnsmasq Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] Today, 11th May 2026 CERT is releasing a set of six CVEs for serious security vulnerabilities in dnsmasq. These are all long-standing bugs which apply to pretty much all non-ancient versions. The CVE has been pre-disclosed to vendors, so hopefully they will be releasing patched versions of their dnsmasq packages in a timely manner. Details and patches are available on the website at https://thekelleys.org.uk/dnsmasq/CVE/ and I have made "2.92rel2" release of the current 2.92 dnsmasq stable release which is downloadable from the usual place and has had these patches applied. At the same time, the commits which fix these bugs in the development tree will be uploaded.…