Source: smartdns
Version: 46+dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/pymumu/smartdns/issues/177
X-Debbugs-Cc: Mo Zhou <lu...@debian.org>, car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for smartdns.

CVE-2024-42643[0]:
| Integer Overflow in fast_ping.c in SmartDNS Release46 allows remote
| attackers to cause a Denial of Service via misaligned memory access.

Mo Zhou, even with translating the upstream issue it's not entirely clear to me where this was fixed around 2019? Can you enlighten with more information or approach upstream?

I assume this will likely be no-dsa for bookworm, but ensuring it will be fixed in trixie would be nice.

The information is as well not very clear, the description mentions SmartDNS Release 46, which contradicts having taken action in 2019 from upstream.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-42643
    https://www.cve.org/CVERecord?id=CVE-2024-42643
[1] https://github.com/pymumu/smartdns/issues/177

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore