On Tue, 11 Oct 2016 22:26:51 +0200, Daniel Jakots
wrote:
> On Mon, 10 Oct 2016 21:46:54 +0200, Daniel Jakots
> wrote:
>
> > Hi,
> >
> > This fixes CVE-2016-5180.
ping
> I had a look for -stable. The patch use a function that doesn't exist
> in 1.10.0:
>
> > + buf = ares_malloc(len);
>
On Mon, 10 Oct 2016 21:46:54 +0200, Daniel Jakots
wrote:
> Hi,
>
> This fixes CVE-2016-5180.
I had a look for -stable. The patch use a function that doesn't exist
in 1.10.0:
> + buf = ares_malloc(len);
I guess it appears in 1.11.0 because in the ChangeLog there is
> Allow library-wide over
Daniel Jakots writes:
> On Tue, 11 Oct 2016 15:50:22 +0200, Jeremie Courreges-Anglas
> wrote:
>
>> > So I just bumped the minor.
>>
>> Upstream bumped the major. Looking at the headers, some structs have
>> additional members, so it might be a true ABI break.
>
> Indeed, new patch now bumpin
On Tue, 11 Oct 2016 15:50:22 +0200, Jeremie Courreges-Anglas
wrote:
> > So I just bumped the minor.
>
> Upstream bumped the major. Looking at the headers, some structs have
> additional members, so it might be a true ABI break.
Indeed, new patch now bumping the major to take no chance.
Inde
Daniel Jakots writes:
> Hi,
>
> This fixes CVE-2016-5180.
>
> ChangeLog is available: https://c-ares.haxx.se/changelog.html
>
> $ diff -up libcares-10 libcares-12
> --- libcares-10 Mon Oct 10 21:07:50 2016
> +++ libcares-12 Mon Oct 10 21:07:58 2016
> @@ -12,6 +12,7 @@ T ares_free_data
Hi,
This fixes CVE-2016-5180.
ChangeLog is available: https://c-ares.haxx.se/changelog.html
$ diff -up libcares-10 libcares-12
--- libcares-10 Mon Oct 10 21:07:50 2016
+++ libcares
