From 2d491120357a988a587cd87434589629b8d44a8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0tetiar?= Date: Tue, 10 Aug 2021 09:15:06 +0200 Subject: [PATCH] c-ares: update to version 1.17.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Missing input validation of host names returned by Domain Name Servers in the c-ares library can lead to output of wrong hostnames (leading to Domain Hijacking). The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2021-3672 to this issue. References: https://c-ares.haxx.se/adv_20210810.html Signed-off-by: Petr Štetiar --- libs/c-ares/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libs/c-ares/Makefile b/libs/c-ares/Makefile index 885b81812..495d03ef9 100644 --- a/libs/c-ares/Makefile +++ b/libs/c-ares/Makefile @@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=c-ares -PKG_VERSION:=1.17.1 +PKG_VERSION:=1.17.2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://c-ares.haxx.se/download -PKG_HASH:=d73dd0f6de824afd407ce10750ea081af47eba52b8a6cb307d220131ad93fc40 +PKG_HASH:=4803c844ce20ce510ef0eb83f8ea41fa24ecaae9d280c468c582d2bb25b3913d PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE.md