Hi Salvatore,

On 17.02.23 21:31, Salvatore Bonaccorso wrote:
The following vulnerability was published for c-ares.

CVE-2022-4904[0]:
| buffer overflow in config_sortlist() due to missing string length check

I uploaded a fixed package for sid and prepared an update for bullseye and buster:

https://salsa.debian.org/debian/c-ares/-/commits/bullseye/
https://salsa.debian.org/debian/c-ares/-/commits/buster/

Are you a member of the Debian Security team and could give me the green light to upload those two packages into the "security upload queue".

Thanks,
Gregor

Reply via email to