Hi Salvatore,
On 17.02.23 21:31, Salvatore Bonaccorso wrote:
The following vulnerability was published for c-ares.
CVE-2022-4904[0]:
| buffer overflow in config_sortlist() due to missing string length check
I uploaded a fixed package for sid and prepared an update for bullseye
and buster:
https://salsa.debian.org/debian/c-ares/-/commits/bullseye/
https://salsa.debian.org/debian/c-ares/-/commits/buster/
Are you a member of the Debian Security team and could give me the green
light to upload those two packages into the "security upload queue".
Thanks,
Gregor