Control: tags 1126538 + patch
Control: tags 1126538 + pending

Dear maintainer,

I've prepared an NMU for smartdns (versioned as 46.1+dfsg-1.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should cancel it.

cu
Adrian
diffstat for smartdns-46.1+dfsg smartdns-46.1+dfsg changelog | 8 ++ patches/0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch | 40 ++++++++++ patches/series | 1 3 files changed, 49 insertions(+) diff -Nru smartdns-46.1+dfsg/debian/changelog smartdns-46.1+dfsg/debian/changelog --- smartdns-46.1+dfsg/debian/changelog 2025-03-20 23:49:12.000000000 +0200 +++ smartdns-46.1+dfsg/debian/changelog 2026-06-30 23:30:40.000000000 +0300 @@ -1,3 +1,11 @@ +smartdns (46.1+dfsg-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * CVE-2026-1425: Stack buffer overflow in DNS SVCB/HTTPS record parsing + (Closes: #1126538) + + -- Adrian Bunk <[email protected]> Tue, 30 Jun 2026 23:30:40 +0300 + smartdns (46.1+dfsg-1) unstable; urgency=medium * New upstream version 46.1+dfsg diff -Nru smartdns-46.1+dfsg/debian/patches/0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch smartdns-46.1+dfsg/debian/patches/0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch --- smartdns-46.1+dfsg/debian/patches/0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch 1970-01-01 02:00:00.000000000 +0200 +++ smartdns-46.1+dfsg/debian/patches/0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch 2026-06-30 23:30:00.000000000 +0300 
@@ -0,0 +1,40 @@ +From 14bb58b260270c501522e92fc190dbfe91e86618 Mon Sep 17 00:00:00 2001 +From: Nick Peng <[email protected]> +Date: Mon, 12 Jan 2026 20:53:47 +0800 +Subject: dns: Fix stack buffer overflow in DNS SVCB/HTTPS record parsing + +--- + src/dns.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/dns.c b/src/dns.c +index 286784a..c0406e8 100644 +--- a/src/dns.c ++++ b/src/dns.c +@@ -1687,6 +1687,11 @@ static int _dns_decode_rr_head(struct dns_context *context, char *domain, int do + return -1; + } + ++ if (*rr_len > _dns_left_len(context)) { ++ tlog(TLOG_DEBUG, "rr len exceeds remaining buffer."); ++ return -1; ++ } ++ + return 0; + } + +@@ -2384,6 +2389,11 @@ static int _dns_decode_HTTPS(struct dns_context *context, const char *domain, dn + return -1; + } + ++ if (_dns_left_len(context) < rr_len) { ++ tlog(TLOG_DEBUG, "https data length exceeds buffer."); ++ return -1; ++ } ++ + priority = _dns_read_short(&context->ptr); + ret = _dns_decode_domain(context, target, sizeof(target)); + if (ret < 0) { +-- +2.47.3 + diff -Nru smartdns-46.1+dfsg/debian/patches/series smartdns-46.1+dfsg/debian/patches/series --- smartdns-46.1+dfsg/debian/patches/series 2023-07-14 07:32:47.000000000 +0300 +++ smartdns-46.1+dfsg/debian/patches/series 2026-06-30 23:30:40.000000000 +0300 @@ -1,2 +1,3 @@ init.patch reproducible-build.patch +0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch
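Review bot: In the `_dns_decode_rr_head` hunk (src/dns.c, @@ -1687), the new condition `*rr_len > _dns_left_len(context)` only rejects lengths that are too large, and the hunk does not show the types on either side. If `*rr_len` is signed, or the two operands differ in signedness, a negative or wrapped value may not be rejected as intended; please confirm the types and, if signed, reject `*rr_len < 0` in the same condition. The rejection is logged at TLOG_DEBUG without the offending values, so adding `*rr_len` and the remaining length to the message would make malformed responses easier to triage.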
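Review bot: In the `_dns_decode_HTTPS` hunk (src/dns.c, @@ -2384), the added check bounds `rr_len` against the remaining input only, while the subject line describes a stack buffer overflow; the only destination-side bound visible here is `sizeof(target)` in the existing `_dns_decode_domain` call. Please confirm that every copy driven by `rr_len` in the code after this hunk is also limited by the size of the stack buffer it writes to, and add a sentence to the empty commit message body explaining why the input-length check is sufficient. As a style point, this check is written `_dns_left_len(context) < rr_len` while the one in `_dns_decode_rr_head` is `*rr_len > _dns_left_len(context)`; using one operand order for both would make them easier to compare.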
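Review bot: The header of the new debian/patches/0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch file carries only the git From/Date/Subject lines, with no description and no reference to the bug or CVE it addresses. Adding DEP-3 fields such as `Origin: upstream` with the commit reference and `Bug-Debian: https://bugs.debian.org/1126538`, and naming CVE-2026-1425 in the description, would let later uploaders trace the patch without consulting debian/changelog.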

