Your message dated Sat, 11 Jul 2026 10:32:49 +0000
with message-id <[email protected]>
and subject line Released in 13.6
has caused the Debian Bug report #1141358,
regarding trixie-pu: package smartdns/46.1+dfsg-1.1~deb13u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1141358: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1141358
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:smartdns
User: [email protected]
Usertags: pu

  * CVE-2026-1425: Stack buffer overflow in DNS SVCB/HTTPS record parsing
    (Closes: #1126538)
diffstat for smartdns-46.1+dfsg smartdns-46.1+dfsg

 changelog                                                               |   15 
+++
 patches/0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch |   40 
++++++++++
 patches/series                                                          |    1 
 3 files changed, 56 insertions(+)

diff -Nru smartdns-46.1+dfsg/debian/changelog 
smartdns-46.1+dfsg/debian/changelog
--- smartdns-46.1+dfsg/debian/changelog 2025-03-20 23:49:12.000000000 +0200
+++ smartdns-46.1+dfsg/debian/changelog 2026-07-03 13:16:47.000000000 +0300
@@ -1,3 +1,18 @@
+smartdns (46.1+dfsg-1.1~deb13u1) trixie; urgency=medium
+
+  * Non-maintainer upload.
+  * Rebuild for trixie.
+
+ -- Adrian Bunk <[email protected]>  Fri, 03 Jul 2026 13:16:47 +0300
+
+smartdns (46.1+dfsg-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2026-1425: Stack buffer overflow in DNS SVCB/HTTPS record parsing
+    (Closes: #1126538)
+
+ -- Adrian Bunk <[email protected]>  Tue, 30 Jun 2026 23:30:40 +0300
+
 smartdns (46.1+dfsg-1) unstable; urgency=medium
 
   * New upstream version 46.1+dfsg
diff -Nru 
smartdns-46.1+dfsg/debian/patches/0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch
 
smartdns-46.1+dfsg/debian/patches/0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch
--- 
smartdns-46.1+dfsg/debian/patches/0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch
   1970-01-01 02:00:00.000000000 +0200
+++ 
smartdns-46.1+dfsg/debian/patches/0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch
   2026-06-30 23:30:00.000000000 +0300
@@ -0,0 +1,40 @@
+From 14bb58b260270c501522e92fc190dbfe91e86618 Mon Sep 17 00:00:00 2001
+From: Nick Peng <[email protected]>
+Date: Mon, 12 Jan 2026 20:53:47 +0800
+Subject: dns: Fix stack buffer overflow in DNS SVCB/HTTPS record parsing
+
+---
+ src/dns.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/dns.c b/src/dns.c
+index 286784a..c0406e8 100644
+--- a/src/dns.c
++++ b/src/dns.c
+@@ -1687,6 +1687,11 @@ static int _dns_decode_rr_head(struct dns_context 
*context, char *domain, int do
+               return -1;
+       }
+ 
++      if (*rr_len > _dns_left_len(context)) {
++              tlog(TLOG_DEBUG, "rr len exceeds remaining buffer.");
++              return -1;
++      }
++
+       return 0;
+ }
+ 
+@@ -2384,6 +2389,11 @@ static int _dns_decode_HTTPS(struct dns_context 
*context, const char *domain, dn
+               return -1;
+       }
+ 
++      if (_dns_left_len(context) < rr_len) {
++              tlog(TLOG_DEBUG, "https data length exceeds buffer.");
++              return -1;
++      }
++
+       priority = _dns_read_short(&context->ptr);
+       ret = _dns_decode_domain(context, target, sizeof(target));
+       if (ret < 0) {
+-- 
+2.47.3
+
diff -Nru smartdns-46.1+dfsg/debian/patches/series 
smartdns-46.1+dfsg/debian/patches/series
--- smartdns-46.1+dfsg/debian/patches/series    2023-07-14 07:32:47.000000000 
+0300
+++ smartdns-46.1+dfsg/debian/patches/series    2026-06-30 23:30:40.000000000 
+0300
@@ -1,2 +1,3 @@
 init.patch
 reproducible-build.patch
+0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch

--- End Message ---
--- Begin Message ---
Version: 13.6

This update was released as part of 13.6.

--- End Message ---

Reply via email to