Your message dated Sat, 04 Jul 2026 17:17:07 +0000
with message-id <[email protected]>
and subject line Bug#1126538: fixed in smartdns 46.1+dfsg-1.1~deb13u1
has caused the Debian Bug report #1126538,
regarding smartdns: CVE-2026-1425
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1126538: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126538
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: smartdns
Version: 46.1+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for smartdns.

CVE-2026-1425[0]:
| A security flaw has been discovered in pymumu SmartDNS up to 47.1.
| This vulnerability affects the function
| _dns_decode_rr_head/_dns_decode_SVCB_HTTPS of the file src/dns.c of
| the component SVBC Record Parser. The manipulation results in stack-
| based buffer overflow. It is possible to launch the attack remotely.
| A high complexity level is associated with this attack. It is stated
| that the exploitability is difficult. The patch is identified as
| 2d57c4b4e1add9b4537aeb403f794a084727e1c8. Applying a patch is
| advised to resolve this issue.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-1425
    https://www.cve.org/CVERecord?id=CVE-2026-1425
[1] 
https://github.com/pymumu/smartdns/commit/2d57c4b4e1add9b4537aeb403f794a084727e1c8

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: smartdns
Source-Version: 46.1+dfsg-1.1~deb13u1
Done: Adrian Bunk <[email protected]>

We believe that the bug you reported is fixed in the latest version of
smartdns, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated smartdns package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 03 Jul 2026 13:16:47 +0300
Source: smartdns
Architecture: source
Version: 46.1+dfsg-1.1~deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Mo Zhou <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1126538
Changes:
 smartdns (46.1+dfsg-1.1~deb13u1) trixie; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for trixie.
 .
 smartdns (46.1+dfsg-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2026-1425: Stack buffer overflow in DNS SVCB/HTTPS record parsing
     (Closes: #1126538)
Checksums-Sha1:
 e673f833cb504d355a0a67b37cbfc73dc70c8e2d 1938 
smartdns_46.1+dfsg-1.1~deb13u1.dsc
 c21e96904f4665255de5c95b094c332269b5b8cc 432840 smartdns_46.1+dfsg.orig.tar.xz
 0bb6a955e9428541e086299df9d0eda726f8cbff 7004 
smartdns_46.1+dfsg-1.1~deb13u1.debian.tar.xz
Checksums-Sha256:
 9454afaa68e63568db9085da9804e5f8473840bb58963dbd9f40b93ab646a297 1938 
smartdns_46.1+dfsg-1.1~deb13u1.dsc
 3c459e79be7f413ded7fcb23c49b38f1d1adc2c6ff642e2b355c87babd96bb0c 432840 
smartdns_46.1+dfsg.orig.tar.xz
 911def7596c138485ec3558f4dd253cef11487d9a487d2ee92220db4f38f862f 7004 
smartdns_46.1+dfsg-1.1~deb13u1.debian.tar.xz
Files:
 dc3b0aa17c4e813a9445eb68074cbb87 1938 net optional 
smartdns_46.1+dfsg-1.1~deb13u1.dsc
 e7b6e3dd3e1e2471ebbe6532401f80c2 432840 net optional 
smartdns_46.1+dfsg.orig.tar.xz
 e267bd666b96a9188d1eb531c2b02834 7004 net optional 
smartdns_46.1+dfsg-1.1~deb13u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmpHjZ0ACgkQiNJCh6LY
mLEDyQ//Su0BTn+N5C12CxymUCwIiLPvxi5odBBlZK/+gX0sNFXR1Z0ud5+Ew3EP
zS1tiAVWnBRHnB9aBQlRHB3IIgKUvZBMnMeftCsPhfwNcgzjydZWX8eDhfQMNRya
PKlCXJ85Us08boKWGbty1jOIFTEkt7ZXQ5QFBl/2wTQ349pFzUALawCZ8Opk8Kbx
qTEXXojVXVzUEkd0v+Btv2g631f3l58ku0FI/9pbmCsOdjLkdxfzd591ofwDehQs
Gf1fZ09/O9GCOojPNRughMXSr4Kg1dYTIZnS6w8YBT20ZpOV+oo3+pg+8N26+KAG
aPUYSsLhay8enlzlV+dQOanAI6pV1XCgENzVK568DvP4VEPigKtQV0WWSmGZbUPc
frw4gSpg/T515NudmIFSn8EMxXu6RPOMOe5xBw/2OhOmOIvdXe2xQBoeutOipoo+
JhU21CWRMck6HSKkkl8P2vTGpEucFMHr81mdPVW/wLduNd+qfzJxMeLwVk7TDB02
kgDirKcED4wA2AC5ggX7yoLZ21N20omxA4L2p1xIrfhNFLUE6kmaOkSYySYDOOX0
GcpF1R/b9KuCUZR/K5Noufhtn/yg/hpwz0ZC00gnlRqxuYTWut/3dTqXTD8Vgc5A
wixMfluzT8sf/p+cxfOprjuXogOYYphz2RfTqLk8yNe4OWpRxk8=
=eQjb
-----END PGP SIGNATURE-----

Attachment: pgpNDCHQKcUaP.pgp
Description: PGP signature


--- End Message ---

Reply via email to