-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 18 Feb 2023 00:24:32 +0100 Source: c-ares Architecture: source Version: 1.17.1-1+deb11u2 Distribution: bullseye Urgency: medium Maintainer: Gregor Jasny <gjasny@googlemail.com> Changed-By: Gregor Jasny <gjasny@googlemail.com> Closes: 1031525 Changes: c-ares (1.17.1-1+deb11u2) bullseye; urgency=medium . * Fix CVE-2022-4904: It was discovered that in c-ares, an asynchronous name resolver library, the config_sortlist function is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow and thus may cause a denial of service. (Closes: #1031525) Checksums-Sha1: e2639e670116fc80b76e92c6c3e2675b19b74e34 2182 c-ares_1.17.1-1+deb11u2.dsc 1cbb97ad2e0dbadf702bd810c94d9f627fc3b983 10576 c-ares_1.17.1-1+deb11u2.debian.tar.xz cda98e9bdd53f027be412c121779439e7fa0b107 6587 c-ares_1.17.1-1+deb11u2_arm64.buildinfo Checksums-Sha256: 722ba16daf51ec3f462707ca48dcf1ded89a4d1f3941418ae31c6cd1086287dc 2182 c-ares_1.17.1-1+deb11u2.dsc 5287aeb8f59fb03b6833e1b62b18a04c02d964b557936ea6b1968cf624d86ce3 10576 c-ares_1.17.1-1+deb11u2.debian.tar.xz a47903a981166bed1ec495769c51b794869dda1f7686117ea1d7cb259420a92a 6587 c-ares_1.17.1-1+deb11u2_arm64.buildinfo Files: 726502fc68669ec034fc7ee493b8b539 2182 libs optional c-ares_1.17.1-1+deb11u2.dsc f199e6258350d6a3355f5fcae94a657e 10576 libs optional c-ares_1.17.1-1+deb11u2.debian.tar.xz 0470d11e1371dbf845c5d38d0b3155c3 6587 libs optional c-ares_1.17.1-1+deb11u2_arm64.buildinfo -----BEGIN PGP SIGNATURE----- iQJKBAEBCAA0FiEEBdAWnCbkFZNBgSnfGZpk+t+1AP8FAmQSw6IWHGdqYXNueUBn b29nbGVtYWlsLmNvbQAKCRAZmmT637UA/7POD/9YZJDJBfKNhrpPYk1OjVxvI/zS Jr4FAioukY6PrtkD9Cg9zie0qhrz0dk77iJKP+hQo7e1Xak3Xg27HP7S3w6+Ekff 9Cu7w2/lYQNeXJ/ecGJ6gTsH234m+dp/QAYUj1CIlmegfC+2lapeyBJRAlTv8ktB mXPbKwJn65T9ICYtHBH5OdUSlmMpnmNqsG8uzH2sfHMVPiuggzFX5MRb8qAj35CK HkIhSzyXtXoDgoLDbU/SZEIDuqU1XV4/ZI7SAtayulY+ZmmRuQTEC2kBgQagh7OF bodGR1mx+sIkm9F2EZ819Gq2GzK75uhToqH6WPDSWkkzW/MkraEqT8dIzF6SN43q 8O2WAvGyFqW8vjRdd+ET6B8tYxDGOQ/0qy0TF5bqdX0hHNLU5jqNlp4mHa9HvvrB IuZo4447fWItXMV3AMIMQbSEdZamcUP117Xj6FUWywSsDPMcmBl9lVfiLF5m3xFz xYJriVeNWdLzbjTBzdP2lzrP2KidpkCiJtZkd8n9QRfWSXhdUGyOHaCcUloOKOB/ OmNiyzp83u+fLi/cWvBI/YkNlCDoZXuZJywmKFBgQ6fzORLhbW5UTeznSpIrr7hc jQVGmTaZfW6xYVQ0bmfJLA3wgdKSmOrKoXmaCv9Q+XJNusFDJVJvUB1j6NaVPWl6 J9ssLuijnN+MydrZqg== =vM0d -----END PGP SIGNATURE-----
