libs/c-ares: fix domain hijacking CVE-2021-3672 17250/head
author Petr Štetiar <ynezz@true.cz>
Thu, 2 Dec 2021 12:54:42 +0000 (13:54 +0100)
committer Petr Štetiar <ynezz@true.cz>
Thu, 2 Dec 2021 12:54:42 +0000 (13:54 +0100)
commit e93fc5a20f57efe32612a8d98c03d37c02f19c5e
tree a2402c8dae5c6924e76f526bfa143bd1650eba65
parent 45218f20597baae6a6e32b83ffbccc4b0ceaeba9
libs/c-ares: fix domain hijacking CVE-2021-3672

Missing input validation of host names returned by Domain Name Servers
in the c-ares library can lead to output of wrong hostnames (leading to
Domain Hijacking).

I've just taken the patch from the advisory[1] and rebased it onto the
1.15.0 version.

1. https://github.com/c-ares/c-ares/compare/809d5e8..44c009b.patch

Fixes: CVE-2021-3672
Signed-off-by: Petr Štetiar <ynezz@true.cz>
libs/c-ares/Makefile
libs/c-ares/patches/0001-ares_expand_name-should-escape-more-characters.patch [new file with mode: 0644]
libs/c-ares/patches/0002-ares_expand_name-fix-formatting-and-handling-of-root.patch [new file with mode: 0644]