Package: c-ares | Debian Sources

Package: c-ares / 1.10.0-2+deb8u2

Metadata

Package	Version	Patches format
c-ares	1.10.0-2+deb8u2	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
disable cflags rewrite.diff \| (download)	configure.ac \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	prevent autoconf from mangling passed cflags These flags are passed by dpkg-buildflags for hardening.
CVE 2016 5180.diff \| (download)	ares_create_query.c \| 84 39 + 45 - 0 ! 1 file changed, 39 insertions(+), 45 deletions(-)	ares_create_query: avoid single-byte buffer overwrite (cve-2016-5180)
CVE 2017 1000381.diff \| (download)	ares_parse_naptr_reply.c \| 7 6 + 1 - 0 ! 1 file changed, 6 insertions(+), 1 deletion(-)	[patch 5/5] ares_parse_naptr_reply: check sufficient data Bug-Debian: http://bugs.debian.org/865360 Check that there is enough data for the required elements of an NAPTR record (2 int16, 3 bytes for string lengths) before processing a record.

Patch

File delta

Description

disable cflags rewrite.diff | (download)

configure.ac | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 prevent autoconf from mangling passed cflags
 These flags are passed by dpkg-buildflags for hardening.

CVE 2016 5180.diff | (download)

ares_create_query.c | 84 39 + 45 - 0 !
1 file changed, 39 insertions(+), 45 deletions(-)

 ares_create_query: avoid single-byte buffer overwrite (cve-2016-5180)

CVE 2017 1000381.diff | (download)

ares_parse_naptr_reply.c | 7 6 + 1 - 0 !
1 file changed, 6 insertions(+), 1 deletion(-)

 [patch 5/5] ares_parse_naptr_reply: check sufficient data
Bug-Debian: http://bugs.debian.org/865360

Check that there is enough data for the required elements
of an NAPTR record (2 int16, 3 bytes for string lengths)
before processing a record.