Summary: | <net-dns/c-ares-1.12.0: `ares_create_query` single byte out of buffer write (CVE-2016-5180) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | blueness |
Priority: | Normal | Flags: | kensington:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2016/09/29/13 | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: |
=net-dns/c-ares-1.12.0
|
Runtime testing required: | --- |
Description
Agostino Sarubbo
2016-09-29 14:10:35 UTC
Affected versions: c-ares 1.0.0 to and including 1.11.0 Not affected versions: c-ares >= 1.12.0 =net-dns/c-ares-1.12.0 is in tree since https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4713589132fe11ec3184fb2602492139ce66ab37 @ Maintainer(s): Can we start stabilization of =net-dns/c-ares-1.12.0? @ Arches, please test and mark stable: =net-dns/c-ares-1.12.0 amd64 stable x86 stable arm stable Stable on alpha. sparc stable ia64 stable ppc stable ppc64 stable Stable for HPPA. New GLSA request filed. @ Maintainer(s): Please drop all ebuilds <net-dns/c-ares-1.12.0 (In reply to Thomas Deutschmann from comment #13) > New GLSA request filed. > > > @ Maintainer(s): Please drop all ebuilds <net-dns/c-ares-1.12.0 done @ Maintainer(s): Thank you for your work! This issue was resolved and addressed in GLSA 201701-28 at https://security.gentoo.org/glsa/201701-28 by GLSA coordinator Aaron Bauman (b-man). |