This issue was already patched on version 13.2. Debian does not always fix security issues by moving to the next upstream release, in many situations the security fix is backported to previous releases. In the case of this CVE the fix was backported to DNSMasq version 2.72-3+deb8u2, which is currently available to all Untangle appliances on version 13.2. You can read the official Debian Security Tracker page here, https://security-tracker.debian.org/tracker/CVE-2017-14491.
Please contact support if you have any additional questions.Follow