Your message dated Thu, 02 Jul 2026 13:50:50 +0000
with message-id <[email protected]>
and subject line Bug#1126538: fixed in smartdns 46.1+dfsg-1.1
has caused the Debian Bug report #1126538,
regarding smartdns: CVE-2026-1425
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1126538: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126538
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: smartdns
Version: 46.1+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for smartdns.

CVE-2026-1425[0]:
| A security flaw has been discovered in pymumu SmartDNS up to 47.1.
| This vulnerability affects the function
| _dns_decode_rr_head/_dns_decode_SVCB_HTTPS of the file src/dns.c of
| the component SVBC Record Parser. The manipulation results in stack-
| based buffer overflow. It is possible to launch the attack remotely.
| A high complexity level is associated with this attack. It is stated
| that the exploitability is difficult. The patch is identified as
| 2d57c4b4e1add9b4537aeb403f794a084727e1c8. Applying a patch is
| advised to resolve this issue.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-1425
    https://www.cve.org/CVERecord?id=CVE-2026-1425
[1] 
https://github.com/pymumu/smartdns/commit/2d57c4b4e1add9b4537aeb403f794a084727e1c8

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: smartdns
Source-Version: 46.1+dfsg-1.1
Done: Adrian Bunk <[email protected]>

We believe that the bug you reported is fixed in the latest version of
smartdns, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated smartdns package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 30 Jun 2026 23:30:40 +0300
Source: smartdns
Architecture: source
Version: 46.1+dfsg-1.1
Distribution: unstable
Urgency: medium
Maintainer: Mo Zhou <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1126538
Changes:
 smartdns (46.1+dfsg-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2026-1425: Stack buffer overflow in DNS SVCB/HTTPS record parsing
     (Closes: #1126538)
Checksums-Sha1:
 dfff178f846ff57c44855777f51716283b91432b 1906 smartdns_46.1+dfsg-1.1.dsc
 b4a9378413a5c4308db5a98e1610126ea43b5dd1 6964 
smartdns_46.1+dfsg-1.1.debian.tar.xz
Checksums-Sha256:
 2e7aaf890d6641d3eebd7d212779b4ea00d38d006654b195665c502f25527dc0 1906 
smartdns_46.1+dfsg-1.1.dsc
 bd00cbf9141d8548855fdea5457629bd3270fd2c668baea998c772a5804f56af 6964 
smartdns_46.1+dfsg-1.1.debian.tar.xz
Files:
 848f97bb3a05ffea4b9b8ab82c30b0c1 1906 net optional smartdns_46.1+dfsg-1.1.dsc
 826b34a2f14c32994efcc2b81fa3479a 6964 net optional 
smartdns_46.1+dfsg-1.1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmpEMLQACgkQiNJCh6LY
mLFaqBAApfU8rWghwookJz8S4q5JheZ+cKBlVyJvpXRcr5AC1/rhwdS5mjWutZUC
prG+/vbgok8Sqg2d9SvAwudMB0wnkxnTHsyMHyc97gnoWaxKzAE2UrQo1XGUeqDq
DSPadTk/bsGEaUKcZG8o3639Oo24OmbroyfuPnN6acB7pL341lPgS4WdpUBm2PM+
SLBRgtrGbIVoiF609Fz1LgWiC3Dxk/Wci8fOOEbnryyb9UjQqjb1j5qypSqq1pzQ
SYG6zIuP3bGgEEV7860O30t2JO6Za+iFwwkmPkmPW/wHt7B0MWHS9iF6Nj9J0+zB
V0Nvzu1cJ2amvCbpiLW4o8ACU1NNkbM2/maAJJRZwm/h3kFEHWWTESoxuTk0NvMt
qgDO5WOy15bUpHJNXy6aoIDi/AvQtp5NsUwGmlAe8MEfapjEWrRmviJprBX1xreP
Ou2av3WeFOdm0CGswJRmQnGL1oZSuX29eEJXDAfvXZ5D8APmI9lYjMXeyYtYIE7l
iqFt6pW6DxMA+cIENwTVPwb6UKvlvZ59jO4xt7VFvZjKZXg+9uhzF+vJ6mFIgpP6
Y6e5OPw685fWDhg2R60nEt4PBcshQz2URsOZ2cw0mwJltJF2jq4xSweZ1MUDlM3l
GwmbNBxMpiOQ/3yF3qP21AaF3ouKpG86oHOUA3nHEs0xJdBD6pY=
=3h1M
-----END PGP SIGNATURE-----

Attachment: pgpKg7U_i1jR7.pgp
Description: PGP signature


--- End Message ---

Reply via email to