From ${URL} : Hi, i discovered two memory corruption vulnerabilities (double free) in ldns 1.7.0: * https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256 * https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257 and reported it to https://www.nlnetlabs.nl/bugs-script/ Both fixed in upstream (in development branch): * for bug 1256: https://git.nlnetlabs.nl/ldns/commit/?id=c8391790 * for bug 1257: https://git.nlnetlabs.nl/ldns/commit/?id=3bdeed02 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
ChangeLog from upstream shows the intended target is 1.7.1 release which is not available yet. This would require a patch for now.
this was fixed in the tree here: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bc5ac7f9daddfa46622cc9fed02ae05d0f1484cc and is already stabilized at this point
Already resolved and fixed in bug 638338 *** This bug has been marked as a duplicate of bug 638338 ***
