c-ares (1.18.1-1ubuntu0.22.04.3) jammy-security; urgency=medium
* SECURITY UPDATE: Out of bounds read in ares__read_line()
- debian/patches/CVE-2024-25629.patch: filtering to
eliminate out of bounds read
- CVE-2024-25629
-- Nick Galanis <nick.galanis@canonical.com> Wed, 28 Feb 2024 13:37:18 +0000
c-ares (1.18.1-1ubuntu0.22.04.2) jammy-security; urgency=medium
* SECURITY UPDATE: buffer underflow on certain ipv6 addresses
- debian/patches/CVE-2023-31130.diff: add newer inet_net_pton_ipv6()
and fix test cases in src/lib/inet_net_pton.c,
test/ares-test-internal.cc.
- CVE-2023-31130
* SECURITY UPDATE: denial of service via 0-byte UDP payload
- debian/patches/CVE-2023-32067.diff: check length in
src/lib/ares_process.c.
- CVE-2023-32067
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 12 Jun 2023 14:43:33 -0400
c-ares (1.18.1-1ubuntu0.22.04.1) jammy-security; urgency=medium
* SECURITY UPDATE: buffer overflow in config_sortlist()
- debian/patches/CVE-2022-4904.patch: add length checks to
src/lib/ares_init.c, test/ares-test-init.cc.
- CVE-2022-4904
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 01 Mar 2023 12:18:31 -0500
c-ares (1.18.1-1build1) jammy; urgency=medium
* No-change rebuild for ppc64el baseline bump.
-- Ćukasz 'sil2100' Zemczak <lukasz.zemczak@ubuntu.com> Wed, 23 Mar 2022 10:45:19 +0100
c-ares (1.18.1-1) unstable; urgency=medium
* Imported Upstream version 1.18.1
-- Gregor Jasny <gjasny@googlemail.com> Wed, 27 Oct 2021 09:15:14 +0200
c-ares (1.18.0-1) unstable; urgency=low
* Imported Upstream version 1.18.0
* Bumped debhelper from old 12 to 13.
* Bumped standards to version 4.6.0 (no changes needed)
* Updated upstream contact data
-- Gregor Jasny <gjasny@googlemail.com> Tue, 26 Oct 2021 15:53:53 +0200
c-ares (1.17.2-1) unstable; urgency=low
* Imported Upstream version 1.17.2 (fixes CVE-2021-3672)
* Bumped standards to version 4.5.2 (no changes needed)
-- Gregor Jasny <gjasny@googlemail.com> Wed, 18 Aug 2021 18:21:53 +0200
c-ares (1.17.1-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Missing input validation on hostnames returned by DNS servers
(CVE-2021-3672) (Closes: #992053)
- ares_expand_name() should escape more characters
- ares_expand_name(): fix formatting and handling of root name response
-- Salvatore Bonaccorso <carnil@debian.org> Sat, 07 Aug 2021 11:43:50 +0200
c-ares (1.17.1-1) unstable; urgency=medium
* Imported Upstream version 1.17.1 (fixes CVE-2020-8277)
* Bumped standards to version 4.5.1 (no changes needed)
* Update upstream repository metadata
* Ignore installed libtool file for all architectures
-- Gregor Jasny <gjasny@googlemail.com> Thu, 19 Nov 2020 18:57:27 +0100
c-ares (1.16.1-1) unstable; urgency=high
* Imported Upstream version 1.16.1
* This release prevents a possible use-after-free and
double-free in ares_getaddrinfo() if ares_destroy()
is called prior to ares_getaddrinfo() completing.
-- Gregor Jasny <gjasny@googlemail.com> Mon, 11 May 2020 20:24:56 +0200
# For older changelog entries, run 'apt-get changelog libc-ares2'
Generated by dwww version 1.14 on Sat Sep 6 06:06:53 CEST 2025.