Package: c-ares / 1.17.1-1+deb11u3

Metadata

Package: c-ares
Version: 1.17.1-1+deb11u3
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
disable cflags rewrite.diff

configure.ac | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 prevent autoconf from mangling passed cflags
 These flags are passed by dpkg-buildflags for hardening.
ares_expand_name should escape more characters.patch

src/lib/ares_expand_name.c | 41 38 + 3 - 0 !
1 file changed, 38 insertions(+), 3 deletions(-)

 [1/2] ares_expand_name() should escape more characters
ares_expand_name fix formatting and handling of root.patch

src/lib/ares_expand_name.c | 62 40 + 22 - 0 !
1 file changed, 40 insertions(+), 22 deletions(-)

 [2/2] ares_expand_name(): fix formatting and handling of root name response
CVE 2022 4904.diff

src/lib/ares_init.c | 4 4 + 0 - 0 !
test/ares-test-init.cc | 2 2 + 0 - 0 !
2 files changed, 6 insertions(+)

 add str len check in config_sortlist to avoid stack overflow
CVE 2023 31130.patch

src/lib/inet_net_pton.c | 155 83 + 72 - 0 !
test/ares-test-internal.cc | 7 3 + 4 - 0 !
2 files changed, 86 insertions(+), 76 deletions(-)

 [patch] merge pull request from ghsa-x6mf-cxr9-8q6v

* Merged latest OpenBSD changes for inet_net_pton_ipv6() into c-ares.
* Always use our own IP conversion functions now, do not delegate to OS
  so we can have consistency in testing and fuzzing.
* Removed bogus test cases that never should have passed.
* Add new test case for crash bug found.

Fix By: Brad House (@bradh352)

CVE 2023 32067.patch

src/lib/ares_process.c | 41 25 + 16 - 0 !
1 file changed, 25 insertions(+), 16 deletions(-)

 [patch] merge pull request from ghsa-9g78-jv2r-p7vc