Google Project Zero [[just unveiled|https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html]] a bunch of critical-severity issues in dnsmasq that are already being exploited publicly; if ever there were a worthy time to backport the patched version from Debian and push it through apt, this is it. Pretty much everybody with DNS enabled on 1.1.7 is vulnerable to RCE.
I know the big push is on 1.2.x, but please don't forget about all of us with existing 1.1.x installations...