Version in base suite: 46.1+dfsg-1 Base version: smartdns_46.1+dfsg-1 Target version: smartdns_46.1+dfsg-1.1~deb13u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/s/smartdns/smartdns_46.1+dfsg-1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/s/smartdns/smartdns_46.1+dfsg-1.1~deb13u1.dsc changelog | 15 +++ patches/0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch | 40 ++++++++++ patches/series | 1 3 files changed, 56 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpc620unf0/smartdns_46.1+dfsg-1.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpc620unf0/smartdns_46.1+dfsg-1.1~deb13u1.dsc: no acceptable signature found diff: /srv/release.debian.org/tmp/v2BLUt2Epn/smartdns-46.1+dfsg/debian/smartdns.service: No such file or directory diff: /srv/release.debian.org/tmp/Q8WkpMZpbm/smartdns-46.1+dfsg/debian/smartdns.service: No such file or directory diff -Nru smartdns-46.1+dfsg/debian/changelog smartdns-46.1+dfsg/debian/changelog --- smartdns-46.1+dfsg/debian/changelog 2025-03-20 21:49:12.000000000 +0000 +++ smartdns-46.1+dfsg/debian/changelog 2026-07-03 10:16:47.000000000 +0000 @@ -1,3 +1,18 @@ +smartdns (46.1+dfsg-1.1~deb13u1) trixie; urgency=medium + + * Non-maintainer upload. + * Rebuild for trixie. + + -- Adrian Bunk Fri, 03 Jul 2026 13:16:47 +0300 + +smartdns (46.1+dfsg-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * CVE-2026-1425: Stack buffer overflow in DNS SVCB/HTTPS record parsing + (Closes: #1126538) + + -- Adrian Bunk Tue, 30 Jun 2026 23:30:40 +0300 + smartdns (46.1+dfsg-1) unstable; urgency=medium * New upstream version 46.1+dfsg diff -Nru smartdns-46.1+dfsg/debian/patches/0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch smartdns-46.1+dfsg/debian/patches/0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch --- smartdns-46.1+dfsg/debian/patches/0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch 1970-01-01 00:00:00.000000000 +0000 +++ smartdns-46.1+dfsg/debian/patches/0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch 2026-06-30 20:30:00.000000000 +0000 @@ -0,0 +1,40 @@ +From 14bb58b260270c501522e92fc190dbfe91e86618 Mon Sep 17 00:00:00 2001 +From: Nick Peng +Date: Mon, 12 Jan 2026 20:53:47 +0800 +Subject: dns: Fix stack buffer overflow in DNS SVCB/HTTPS record parsing + +--- + src/dns.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/dns.c b/src/dns.c +index 286784a..c0406e8 100644 +--- a/src/dns.c ++++ b/src/dns.c +@@ -1687,6 +1687,11 @@ static int _dns_decode_rr_head(struct dns_context *context, char *domain, int do + return -1; + } + ++ if (*rr_len > _dns_left_len(context)) { ++ tlog(TLOG_DEBUG, "rr len exceeds remaining buffer."); ++ return -1; ++ } ++ + return 0; + } + +@@ -2384,6 +2389,11 @@ static int _dns_decode_HTTPS(struct dns_context *context, const char *domain, dn + return -1; + } + ++ if (_dns_left_len(context) < rr_len) { ++ tlog(TLOG_DEBUG, "https data length exceeds buffer."); ++ return -1; ++ } ++ + priority = _dns_read_short(&context->ptr); + ret = _dns_decode_domain(context, target, sizeof(target)); + if (ret < 0) { +-- +2.47.3 + diff -Nru smartdns-46.1+dfsg/debian/patches/series smartdns-46.1+dfsg/debian/patches/series --- smartdns-46.1+dfsg/debian/patches/series 2023-07-14 04:32:47.000000000 +0000 +++ smartdns-46.1+dfsg/debian/patches/series 2026-06-30 20:30:40.000000000 +0000 @@ -1,2 +1,3 @@ init.patch reproducible-build.patch +0001-dns-Fix-stack-buffer-overflow-in-DNS-SVCB-HTTPS-reco.patch