Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 724340 - <net-dns/c-ares-1.16.1: Multiple vulnerabilities
Summary: <net-dns/c-ares-1.16.1: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa]
Keywords:
Depends on: 723394
Blocks:
  Show dependency tree
 
Reported: 2020-05-20 14:00 UTC by Sam James
Modified: 2020-06-18 03:14 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-20 14:00:28 UTC 
c-ares version 1.16.1 - May 11 2020

Security:

    Prevent possible use-after-free and double-free in ares_getaddrinfo() if ares_destroy() is called prior to ares_getaddrinfo() completing. Reported by Jann Horn at Google Project Zero.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-20 14:01:05 UTC 
Stabilisation ongoing in bug 723394.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-25 21:59:25 UTC 
@maintainer(s), please cleanup
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-18 02:36:35 UTC 
@maintainer(s), ping, please cleanup
Comment 4 Larry the Git Cow gentoo-dev 2020-06-18 03:13:50 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c5e7dfe807fd96df76a3447a5bf8cffd5e6d043

commit 2c5e7dfe807fd96df76a3447a5bf8cffd5e6d043
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2020-06-18 03:13:12 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2020-06-18 03:13:42 +0000

    net-dns/c-ares: drop vulnerable
    
    Bug: https://bugs.gentoo.org/724340
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 net-dns/c-ares/Manifest             |  4 ----
 net-dns/c-ares/c-ares-1.13.0.ebuild | 42 -------------------------------------
 net-dns/c-ares/c-ares-1.14.0.ebuild | 42 -------------------------------------
 net-dns/c-ares/c-ares-1.15.0.ebuild | 42 -------------------------------------
 net-dns/c-ares/c-ares-1.16.0.ebuild | 42 -------------------------------------
 5 files changed, 172 deletions(-)