c-ares version 1.16.1 - May 11 2020 Security: Prevent possible use-after-free and double-free in ares_getaddrinfo() if ares_destroy() is called prior to ares_getaddrinfo() completing. Reported by Jann Horn at Google Project Zero.
Stabilisation ongoing in bug 723394.
@maintainer(s), please cleanup
@maintainer(s), ping, please cleanup
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c5e7dfe807fd96df76a3447a5bf8cffd5e6d043 commit 2c5e7dfe807fd96df76a3447a5bf8cffd5e6d043 Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2020-06-18 03:13:12 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2020-06-18 03:13:42 +0000 net-dns/c-ares: drop vulnerable Bug: https://bugs.gentoo.org/724340 Signed-off-by: Aaron Bauman <bman@gentoo.org> net-dns/c-ares/Manifest | 4 ---- net-dns/c-ares/c-ares-1.13.0.ebuild | 42 ------------------------------------- net-dns/c-ares/c-ares-1.14.0.ebuild | 42 ------------------------------------- net-dns/c-ares/c-ares-1.15.0.ebuild | 42 ------------------------------------- net-dns/c-ares/c-ares-1.16.0.ebuild | 42 ------------------------------------- 5 files changed, 172 deletions(-)