c-ares version 1.19.1

This is a security and bugfix release.

A special thanks goes out to the Open Source Technology Improvement Fund
(https://ostif.org) for sponsoring a security audit of c-ares performed by X41
(https://x41-dsec.de).

Security:
 o CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service [12]
 o CVE-2023-31147. Moderate. Insufficient randomness in generation of DNS
   query IDs [13]
 o CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton() [14]
 o CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross
   compilation [15]

Bug fixes:
 o Fix uninitialized memory warning in test [1]
 o Turn off IPV6_V6ONLY on Windows to allow IPv4-mapped IPv6 addresses [2]
 o ares_getaddrinfo() should allow a port of 0 [3]
 o Fix memory leak in ares_send() on error [4]
 o Fix comment style in ares_data.h [5]
 o Remove unneeded ifdef for Windows [6]
 o Fix typo in ares_init_options.3 [7]
 o Re-add support for Watcom compiler [8]
 o Sync ax_pthread.m4 with upstream [9]
 o Windows: Invalid stack variable used out of scope for HOSTS path [10]
 o Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support [11]

Thanks go to these friendly people for their efforts and contributions:
  Brad House (@bradh352)
  @Chilledheart
  Daniel Stenberg (@bagder)
  Douglas R. Reno (@renodr)
  Gregor Jasny (@gjasny)
  Jay Freeman (@saurik)
  @lifenjoiner
  Nikolaos Chatzikonstantinou (@createyourpersonalaccount)
  Yijie Ma (@yijiem)
(9 contributors)

References to bug reports and discussions on issues:
 [1] = https://github.com/c-ares/c-ares/pull/515
 [2] = https://github.com/c-ares/c-ares/pull/520
 [3] = https://github.com/c-ares/c-ares/issues/517
 [4] = https://github.com/c-ares/c-ares/pull/511
 [5] = https://github.com/c-ares/c-ares/pull/513
 [6] = https://github.com/c-ares/c-ares/pull/512
 [7] = https://github.com/c-ares/c-ares/pull/510
 [8] = https://github.com/c-ares/c-ares/pull/509
 [9] = https://github.com/c-ares/c-ares/pull/507
 [10] = https://github.com/c-ares/c-ares/pull/502
 [11] = https://github.com/c-ares/c-ares/pull/505
 [12] = https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc
 [13] = https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2
 [14] = https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v
 [15] = https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4