Update GLIBC-SA-2026-0012 to mention A6 records

It turns out there is a missing inner length check in it, too.

Also fix the vulnerable commit.  It predates the glibc 2.0 release
because the old stream-based formatting code in resolv/res_debug.c had
the same bug in its LOC handling.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>

diff --git a/advisories/GLIBC-SA-2026-0012 b/advisories/GLIBC-SA-2026-0012
index 6f8f00ddd7b267c4bc451c0c60aea8823f14619c..926ca161028ccfc7074c31e53e1749a625ac241b 100644 (file)
--- a/advisories/GLIBC-SA-2026-0012
+++ b/advisories/GLIBC-SA-2026-0012
@@ -2,7 +2,7 @@ Buffer overread in ns_printrrf with corrupted RDATA field
 
 The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the
 GNU C Library version 2.2 and newer fail to validate the RDATA content
-against the RDATA length in a DNS response when processing LOC, CERT,
+against the RDATA length in a DNS response when processing A6, CERT, LOC,
 TKEY or TSIG records, which may allow an attacker to craft a DNS
 response, causing a target application to crash or read uninitialized
 memory.
@@ -15,4 +15,4 @@ interfaces since they may be removed in future versions.
 
 CVE-Id: CVE-2026-6238
 Public-Date: 2026-04-11
-Vulnerable-Commit: b43b13ac2544b11f35be301d1589b51a8473e32b (2.2)
+Vulnerable-Commit: ee188d555b8c32ad9704a7440cab400af967292f (1.90)