1c-ares version 1.19.1 2 3This is a security and bugfix release. 4 5A special thanks goes out to the Open Source Technology Improvement Fund 6(https://ostif.org) for sponsoring a security audit of c-ares performed by X41 7(https://x41-dsec.de). 8 9Security: 10 o CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service [12] 11 o CVE-2023-31147. Moderate. Insufficient randomness in generation of DNS 12 query IDs [13] 13 o CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton() [14] 14 o CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross 15 compilation [15] 16 17Bug fixes: 18 o Fix uninitialized memory warning in test [1] 19 o Turn off IPV6_V6ONLY on Windows to allow IPv4-mapped IPv6 addresses [2] 20 o ares_getaddrinfo() should allow a port of 0 [3] 21 o Fix memory leak in ares_send() on error [4] 22 o Fix comment style in ares_data.h [5] 23 o Remove unneeded ifdef for Windows [6] 24 o Fix typo in ares_init_options.3 [7] 25 o Re-add support for Watcom compiler [8] 26 o Sync ax_pthread.m4 with upstream [9] 27 o Windows: Invalid stack variable used out of scope for HOSTS path [10] 28 o Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support [11] 29 30Thanks go to these friendly people for their efforts and contributions: 31 Brad House (@bradh352) 32 @Chilledheart 33 Daniel Stenberg (@bagder) 34 Douglas R. Reno (@renodr) 35 Gregor Jasny (@gjasny) 36 Jay Freeman (@saurik) 37 @lifenjoiner 38 Nikolaos Chatzikonstantinou (@createyourpersonalaccount) 39 Yijie Ma (@yijiem) 40(9 contributors) 41 42References to bug reports and discussions on issues: 43 [1] = https://github.com/c-ares/c-ares/pull/515 44 [2] = https://github.com/c-ares/c-ares/pull/520 45 [3] = https://github.com/c-ares/c-ares/issues/517 46 [4] = https://github.com/c-ares/c-ares/pull/511 47 [5] = https://github.com/c-ares/c-ares/pull/513 48 [6] = https://github.com/c-ares/c-ares/pull/512 49 [7] = https://github.com/c-ares/c-ares/pull/510 50 [8] = https://github.com/c-ares/c-ares/pull/509 51 [9] = https://github.com/c-ares/c-ares/pull/507 52 [10] = https://github.com/c-ares/c-ares/pull/502 53 [11] = https://github.com/c-ares/c-ares/pull/505 54 [12] = https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc 55 [13] = https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 56 [14] = https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v 57 [15] = https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 58