{
  "repository": "https://github.com/c-ares/c-ares",
  "commit_source": "git_rev_parse",
  "commit_sha": "d63b7de3a3568d14ab1351374b205365aed51cca",
  "submitted_target": {
    "target_kind": "git_tag",
    "version": "1.34.6",
    "ref": "v1.34.6",
    "commit_sha": "3ac47ee46edd8ea40370222f91613fc16c434853",
    "display": "c-ares v1.34.6"
  },
  "variant_target": {
    "target_kind": "git_tag",
    "version": "1.34.6 vulnerable alternate trigger with v1.34.7 fixed negative control",
    "ref": "v1.34.6 and v1.34.7",
    "commit_sha": "3ac47ee46edd8ea40370222f91613fc16c434853",
    "fixed_control_commit_sha": "d63b7de3a3568d14ab1351374b205365aed51cca",
    "display": "c-ares v1.34.6 timeout alternate trigger; c-ares v1.34.7 fixed control"
  },
  "notes": "Variant stage confirmed a distinct vulnerable-version alternate trigger in process_timeouts(), not a bypass. Fixed control v1.34.7 commit d63b7de3a3568d14ab1351374b205365aed51cca contains fix commit d823199b688052dcdc1646f2ab4cb8c16b1c644a and blocks the candidate."
}
