c-ares 1.17.1-1+deb11u2 source package in Debian
Changelog
c-ares (1.17.1-1+deb11u2) bullseye; urgency=medium
* Fix CVE-2022-4904:
It was discovered that in c-ares, an asynchronous name resolver library,
the config_sortlist function is missing checks about the validity of the
input string, which allows a possible arbitrary length stack overflow and
thus may cause a denial of service. (Closes: #1031525)
-- Gregor Jasny <email address hidden> Sat, 18 Feb 2023 00:24:32 +0100
Upload details
- Uploaded by:
- Gregor Jasny
- Uploaded to:
- Bullseye
- Original maintainer:
- Gregor Jasny
- Architectures:
- any
- Section:
- libs
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| c-ares_1.17.1-1+deb11u2.dsc | 2.1 KiB | 722ba16daf51ec3f462707ca48dcf1ded89a4d1f3941418ae31c6cd1086287dc |
| c-ares_1.17.1.orig.tar.gz | 1.4 MiB | d73dd0f6de824afd407ce10750ea081af47eba52b8a6cb307d220131ad93fc40 |
| c-ares_1.17.1.orig.tar.gz.asc | 488 bytes | 2dac298ea5c1add08bfcacc65bf879016c7f9e2ab54ca4f92f83c2b5681b4c60 |
| c-ares_1.17.1-1+deb11u2.debian.tar.xz | 10.3 KiB | 5287aeb8f59fb03b6833e1b62b18a04c02d964b557936ea6b1968cf624d86ce3 |
No changes file available.
