+2014-12-16 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #17630]
+ * resolv/nss_dns/dns-network.c (getanswer_r): Iterate over alias
+ names.
+
2014-12-15 Jeff Law <law@redhat.com>
[BZ #16617]
* The following bugs are resolved with this release:
- 16617, 17266, 17370, 17371, 17460, 17485, 17555, 17625.
+ 16617, 17266, 17370, 17371, 17460, 17485, 17555, 17625, 17630.
* CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag
under certain input conditions resulting in the execution of a shell for
shell and returns the error WRDE_CMDSUB as expected.
* CVE-2012-3406 printf-style functions could run into a stack overflow when
- processing format strings with a large number of format specifiers.a
+ processing format strings with a large number of format specifiers.
+
+* CVE-2014-9402 The nss_dns implementation of getnetbyname could run into an
+ infinite loopif the DNS response contained a PTR record of an unexpected
+ format.
\f
Version 2.20
case BYNAME:
{
- char **ap = result->n_aliases++;
- while (*ap != NULL)
+ char **ap;
+ for (ap = result->n_aliases; *ap != NULL; ++ap)
{
/* Check each alias name for being of the forms:
4.3.2.1.in-addr.arpa = net 1.2.3.4