c-ares before 1.17.2 has missing input validation.
Missing input validation of host names returned by Domain Name Servers in the c-ares library can lead to output of wrong hostnames (leading to Domain Hijacking).
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2021-3672 to this issue.
The bug has been referenced in the following commit(s):
Author: Sam James <email@example.com>
AuthorDate: 2021-08-10 23:45:13 +0000
Commit: Sam James <firstname.lastname@example.org>
CommitDate: 2021-08-10 23:45:18 +0000
net-dns/c-ares: add 1.17.2
Now with tests.
Signed-off-by: Sam James <email@example.com>
net-dns/c-ares/Manifest | 1 +
net-dns/c-ares/c-ares-1.17.2.ebuild | 49 +++++++++++++++++++++++++++++++++++++
2 files changed, 50 insertions(+)