This bug resolves CVE-2012-3411, which is described in the following bugzilla report:
https://bugzilla.redhat.com/show_bug.cgi?id=833033
The following report is specifically for libvirt on Fedora:
https://bugzilla.redhat.com/show_bug.cgi?id=874702
In short, a dnsmasq instance run with the intention of listening for DHCP/DNS requests only on a libvirt virtual network (which is constructed using a Linux host bridge) would also answer queries sent from outside the virtualization host.
<snip> It's always nice to fully explain things in the commit message, as you have done here - not only does it make the reviewer's job easier today, but down the road, it will make it much easier to answer what the CVE was all about and who is impacted (or more specifically, that default installation is NOT impacted). Thanks for taking the time to write it up. ACK. And let's get this in, so distros can start backporting the CVE fix for the sake of those people who ARE impacted.