package/c-ares: security bump to version 1.17.2
- NodeJS passes NULL for addr and 0 for addrlen to
ares_parse_ptr_reply() on systems where malloc(0) returns NULL. This
would cause a crash.
- If ares_getaddrinfo() was terminated by an ares_destroy(), it would
cause a crash
- Crash in sortaddrinfo() if the list size equals 0 due to an unexpected
DNS response
- Expand number of escaped characters in DNS replies as per RFC1035 5.1
to prevent spoofing follow-up
- Perform validation on hostnames to prevent possible XSS due to
applications not performing valiation themselves
https://c-ares.haxx.se/changelog.html#1_17_2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
projects / buildroot.git / commit