From 1.27.0 release notes (https://github.com/c-ares/c-ares/releases/tag/cares-1_27_0): Moderate. CVE-2024-25629. Reading malformatted /etc/resolv.conf, /etc/nsswitch.conf or the HOSTALIASES file could result in a crash. GHSA-mg26-v6qh-x48q
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f6ce3e29c1b9241d9f9b8a7cf432923fa3e1480 commit 4f6ce3e29c1b9241d9f9b8a7cf432923fa3e1480 Author: Sam James <sam@gentoo.org> AuthorDate: 2024-02-28 00:06:13 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-02-28 00:06:13 +0000 net-dns/c-ares: add 1.27.0 Bug: https://bugs.gentoo.org/925661 Signed-off-by: Sam James <sam@gentoo.org> net-dns/c-ares/Manifest | 2 + net-dns/c-ares/c-ares-1.27.0.ebuild | 92 +++++++++++++++++++++++++++++++++++++ 2 files changed, 94 insertions(+)