packages

History

Petr Štetiar e93fc5a20f libs/c-ares: fix domain hijacking CVE-2021-3672 Missing input validation of host names returned by Domain Name Servers in the c-ares library can lead to output of wrong hostnames (leading to Domain Hijacking). I've just taken patch from the advisory[1] and rebased it onto 1.15.0 version. 1. `809d5e8..44c009b`.patch Fixes: CVE-2021-3672 Signed-off-by: Petr Štetiar <ynezz@true.cz>	2021-12-02 13:54:42 +01:00
..
patches	libs/c-ares: fix domain hijacking CVE-2021-3672	2021-12-02 13:54:42 +01:00
Makefile	libs/c-ares: fix domain hijacking CVE-2021-3672	2021-12-02 13:54:42 +01:00

Petr Štetiar e93fc5a20f libs/c-ares: fix domain hijacking CVE-2021-3672

Missing input validation of host names returned by Domain Name Servers
in the c-ares library can lead to output of wrong hostnames (leading to
Domain Hijacking).

I've just taken patch from the advisory[1] and rebased it onto 1.15.0
version.

1. 809d5e8..44c009b.patch

Fixes: CVE-2021-3672
Signed-off-by: Petr Štetiar <ynezz@true.cz>

2021-12-02 13:54:42 +01:00

patches libs/c-ares: fix domain hijacking CVE-2021-3672 2021-12-02 13:54:42 +01:00

Makefile libs/c-ares: fix domain hijacking CVE-2021-3672 2021-12-02 13:54:42 +01:00