Triaged as vulnerability report class C2 "A vulnerability, but not in OpenStack supported code, e.g., in a dependency" https://security.openstack.org/vmt-process.html#incident-report-taxonomy . As such there will be no advisory, but work is underway already for a security note about this: https://review.openstack.org/509160

** Also affects: ossa
   Importance: Undecided
       Status: New

** Changed in: ossa
       Status: New => Won't Fix

** Information type changed from Public Security to Public

** Tags added: security

** Also affects: ossn
   Importance: Undecided
       Status: New

** Changed in: ossn
       Status: New => In Progress

** Changed in: ossn
     Assignee: (unassigned) => Luke Hinds (lhinds)

https://bugs.launchpad.net/bugs/1721063

Title:
  vulnerability in dnsmasq

Status in neutron:
  Won't Fix
Status in OpenStack Security Advisory:
  Won't Fix
Status in OpenStack Security Notes:
  In Progress

Bug description:
  As per [1],[2], there have been some vulnerability issues in dnsmasq.
  The same have been fixed in dnsmasq version 2.78.

  In order to avoid the vulnerabilities, it would be advisable to update
  dnsmasq to version 2.78.

  [1]: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
  [2]: https://thehackernews.com/2017/10/dnsmasq-network-services.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29&_m=3n.009a.1592.dj0ao06ba4.yhy