On Mon, 10 Feb 2014 at 22:08, Bob Paddock wrote:

> On Mon, Feb 10, 2014 at 1:20 PM, Reinhard Max <[email protected]> wrote:
>> Change name resolution from gethostbyname() to getaddrinfo()...
>
> I don't know if this is relevant here but did want to point it out,
> just in case.
>
> This bug was fixed in GNU C Lib 2.19 released a few days ago:
>
> * CVE-2013-4458 Stack overflow in getaddrinfo with large number of results
>   for AF_INET6 has been fixed (Bugzilla #16072).

Thanks for the notification, but this shouldn't be relevant here, as
avrdude is typically used in trusted environments and not against
arbitrary hosts whose admins might try to set up DNS records that try
to exploit this.

Also, as getaddrinfo() is used by the majority of network code these
days, I expect vendors to provide the updates for glibc rather
quickly, because there are other applications out there which are by
far more at risk than avrdude.

cu
Reinhard
_______________________________________________
avrdude-dev mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/avrdude-dev