This is not really that big of a deal
I'll bet almost no one uses dnsmasq on "internet facing devices". They use it for internal DNS, like the DNS caching server running on my DD-WRT router. The only way anyone can utilize these holes is if they are already inside the network being served by dnsmasq. You're already screwed at that point anyway, as even if dnsmasq is patched there are always holes in Windows, Linux, and the ever growing plague of IoT devices they can utilize.