c-ares (1.18.1-1ubuntu0.22.04.3) jammy-security; urgency=medium * SECURITY UPDATE: Out of bounds read in ares__read_line() - debian/patches/CVE-2024-25629.patch: filtering to eliminate out of bounds read - CVE-2024-25629 -- Nick Galanis Wed, 28 Feb 2024 13:37:18 +0000 c-ares (1.18.1-1ubuntu0.22.04.2) jammy-security; urgency=medium * SECURITY UPDATE: buffer underflow on certain ipv6 addresses - debian/patches/CVE-2023-31130.diff: add newer inet_net_pton_ipv6() and fix test cases in src/lib/inet_net_pton.c, test/ares-test-internal.cc. - CVE-2023-31130 * SECURITY UPDATE: denial of service via 0-byte UDP payload - debian/patches/CVE-2023-32067.diff: check length in src/lib/ares_process.c. - CVE-2023-32067 -- Marc Deslauriers Mon, 12 Jun 2023 14:43:33 -0400 c-ares (1.18.1-1ubuntu0.22.04.1) jammy-security; urgency=medium * SECURITY UPDATE: buffer overflow in config_sortlist() - debian/patches/CVE-2022-4904.patch: add length checks to src/lib/ares_init.c, test/ares-test-init.cc. - CVE-2022-4904 -- Marc Deslauriers Wed, 01 Mar 2023 12:18:31 -0500 c-ares (1.18.1-1build1) jammy; urgency=medium * No-change rebuild for ppc64el baseline bump. -- Ɓukasz 'sil2100' Zemczak Wed, 23 Mar 2022 10:45:19 +0100 c-ares (1.18.1-1) unstable; urgency=medium * Imported Upstream version 1.18.1 -- Gregor Jasny Wed, 27 Oct 2021 09:15:14 +0200 c-ares (1.18.0-1) unstable; urgency=low * Imported Upstream version 1.18.0 * Bumped debhelper from old 12 to 13. * Bumped standards to version 4.6.0 (no changes needed) * Updated upstream contact data -- Gregor Jasny Tue, 26 Oct 2021 15:53:53 +0200 c-ares (1.17.2-1) unstable; urgency=low * Imported Upstream version 1.17.2 (fixes CVE-2021-3672) * Bumped standards to version 4.5.2 (no changes needed) -- Gregor Jasny Wed, 18 Aug 2021 18:21:53 +0200 c-ares (1.17.1-1.1) unstable; urgency=medium * Non-maintainer upload. * Missing input validation on hostnames returned by DNS servers (CVE-2021-3672) (Closes: #992053) - ares_expand_name() should escape more characters - ares_expand_name(): fix formatting and handling of root name response -- Salvatore Bonaccorso Sat, 07 Aug 2021 11:43:50 +0200 c-ares (1.17.1-1) unstable; urgency=medium * Imported Upstream version 1.17.1 (fixes CVE-2020-8277) * Bumped standards to version 4.5.1 (no changes needed) * Update upstream repository metadata * Ignore installed libtool file for all architectures -- Gregor Jasny Thu, 19 Nov 2020 18:57:27 +0100 c-ares (1.16.1-1) unstable; urgency=high * Imported Upstream version 1.16.1 * This release prevents a possible use-after-free and double-free in ares_getaddrinfo() if ares_destroy() is called prior to ares_getaddrinfo() completing. -- Gregor Jasny Mon, 11 May 2020 20:24:56 +0200 c-ares (1.16.0-1) unstable; urgency=medium * Imported Upstream version 1.16.0 * Bumped standards to version 4.5.0 (no changes needed) * Use debhelper v12 -- Gregor Jasny Sat, 04 Apr 2020 13:24:31 +0200 c-ares (1.15.0-1) unstable; urgency=low * Imported Upstream version 1.15.0 * Bumped standards to version 4.4.0 (no changes needed) * Add Build-Depends-Package field in symbols file * Minimize upstream signing key -- Gregor Jasny Wed, 17 Jul 2019 20:54:21 +0200 c-ares (1.14.0-1) unstable; urgency=low * Imported Upstream version 1.14.0 * Update upstream signature key * Remove already applied patches -- Gregor Jasny Fri, 16 Feb 2018 20:40:22 +0100 c-ares (1.13.0-3) unstable; urgency=low * Bumped standards to version 4.1.3 (adjusted priority) * Enable bindnow hardening flag -- Gregor Jasny Sat, 30 Dec 2017 15:11:34 +0100 c-ares (1.13.0-2) unstable; urgency=medium * ares_parse_naptr_reply: make buffer length check more accurate -- Gregor Jasny Sun, 16 Jul 2017 19:12:12 +0200 c-ares (1.13.0-1) unstable; urgency=medium * Imported Upstream version 1.13.0 * Bump standards to 4.0.0 (no changes needed) -- Gregor Jasny Wed, 28 Jun 2017 22:52:31 +0200 c-ares (1.12.0-4) unstable; urgency=high * Add patch for CVE-2017-1000381 (Closes: #865360) -- Gregor Jasny Sun, 25 Jun 2017 22:53:15 +0200 c-ares (1.12.0-2) unstable; urgency=medium * Add myself as maintainer (Closes: #861697) -- Gregor Jasny Thu, 04 May 2017 20:29:55 +0200 c-ares (1.12.0-1) unstable; urgency=high [ Daniel Stenberg ] * bump: start working on the next version * AUTHORS: added contributors from the 1.11.0 release * configure: acknowledge --disable-tests [ Gregor Jasny ] * Fix man page typos detected by Lintian [ David Drysdale ] * test: add missing #includes for dns-proto.cc * test: avoid in6addr_* constants * test: Build with MinGW on AppVeyor [ Viktor Szakats ] * Makefile.m32: add support for extra flags * Makefile.m32: add support for CROSSPREFIX [ Brad House ] * configure: check if tests can get built before enabled [ David Drysdale ] * ares_library_cleanup: reset ares_realloc too * ahost.c: add cast to fix C++ compile * test: Only pass unused args to GoogleTest * test: Use different name in live test * build: commonize MSVC version detection [ Chris Araman ] * msvc_ver.inc: support Visual Studio 2015 Update 1 [ David Drysdale ] * test: for AF_UNSPEC, return CNAME only for AAAA, but valid A record * Explicitly clear struct servent before use * test: Update fuzzing function prototype * test: Check setting nsort=0 option is respected [ nordsturm ] * Fix nsort initialization [ David Drysdale ] * test: Add utility to show DNS packet from file * test: Add corpus of DNS packets * test: allow multiple files in aresfuzz command line * test: add fuzzing check script to tests * test: Run fuzzcheck.sh in Travis build [ svante karlsson ] * Update msvc_ver.inc [ David Drysdale ] * test: drop superfluous fuzz inputs [ Daniel Stenberg ] * email: use Gisle's "new" address [ David Drysdale ] * Fix trailing comment for #endif [ Chris Araman ] * Update msvc_ver.inc [ Daniel Stenberg ] * web: http => https * read_tcp_data: remove superfluous NULL check [ David Drysdale ] * test: disable MinGW tests * test: simplify deps for fuzzer entrypoint * test: fuzzer mode for AFL's persistent mode * test: make fuzzer driver code C not C++ * test: more info on how to run fuzz testing * test: Add Clang static analysis build to Travis [ Daniel Stenberg ] * SECURITY.md: suggested "security process" for the project * README: added "CII best practices" badge * LICENSE.md: add a stand-alone license file * AUTHORS: added contributors from the git log * AUTHOR: maybe gitgub isn't really an author =) [ David Drysdale ] * test: Add null pointer to gtest args * test: Add valgrind build variant * test: Force reinstall of libtool on OSX * ares_init_options: only propagate init failures from options * api: add ARES_OPT_NOROTATE optmask value [ Brad House ] * headers: remove checks for and defines of variable sizes [ David Drysdale ] * test: fix gMock to work with gcc >= 6.x [ Daniel Stenberg ] * ares_create_query.3: edit language * RELEASE-NOTES: synced with daa7235b1a5 * SECURITY: point to the vulnerabilities page now * ares_init.3: split the init docs into two separate man pages * ares_destroy.3: formatting polish * docs: minor formatting edits * README: link to the correct c-ares badge! * README.md: remove space from link * ares_library_init.3: corrected the ares_library_init_mem proto [ David Drysdale ] * man: update ares_init_options.3 [ Daniel Stenberg ] * make: bump CARES_VERSION_INFO for release * ares_library_initialized.3: added * ares_create_query: avoid single-byte buffer overwrite [ David Drysdale ] * ares-test-misc: test ares_create_query with escaped trailing dot [ Daniel Stenberg ] * RELEASE-NOTES: 1.12.0 [ Gregor Jasny ] * Import c-ares 1.12.0 (Closes: #839151) * Bump standards to 3.9.8 (no changes needed) * Stop moving ares_build.h to multiarch include path -- Gregor Jasny Thu, 29 Sep 2016 18:19:09 +0200 c-ares (1.11.0-1) unstable; urgency=low * Imported Upstream version 1.11.0 * Change VCS information to https protocol * Updated watch file * Bump standards to 3.9.7 (no changes needed) -- Gregor Jasny Sun, 21 Feb 2016 15:46:29 +0100 c-ares (1.11.0~rc1-1) experimental; urgency=medium * Imported Upstream release snapshot -- Gregor Jasny Fri, 12 Feb 2016 21:14:11 +0100 c-ares (1.10.0-3) unstable; urgency=low [ James McCoy ] * Move debian/upstream to debian/upstream/metadata [ Gregor Jasny ] * Bump standards to 3.9.4 (no changes needed) * Add missing man pages (Closes: #811241) -- Gregor Jasny Sat, 23 Jan 2016 22:22:32 +0100 c-ares (1.10.0-2) unstable; urgency=low * Bump standards to v3.9.4 (no changes needed) * Canonicalize Git VCS URL * Prevent autoconf from mangling passed cflags * Depend on debhelper 9 -- Gregor Jasny Sun, 16 Jun 2013 13:38:58 +0200 c-ares (1.10.0-1) unstable; urgency=low * Imported Upstream version 1.10.0 * Add Upstream Metadata * Fix package description (Closes: #680640) * Dropped deprecated DM-Upload-Allowed flag * Remove patches that were applied upstream * Add new 1.10.0 symbols -- Gregor Jasny Tue, 14 May 2013 22:19:12 +0200 c-ares (1.9.1-3) unstable; urgency=low * Moved ares_build.h to arch dependent include dir (Closes: #678996) -- Gregor Jasny Mon, 25 Jun 2012 19:37:00 +0200 c-ares (1.9.1-2) unstable; urgency=low * Remove ares_free_soa declaration from ares.h -- Gregor Jasny Tue, 19 Jun 2012 09:43:09 +0200 c-ares (1.9.1-1) unstable; urgency=low * Imported Upstream version 1.9.1 * Update homepage field (Closes: #674406) * Mark dev package as Multi-Arch: same -- Gregor Jasny Mon, 18 Jun 2012 23:06:40 +0200 c-ares (1.8.0-1) unstable; urgency=low * Imported Upstream version 1.8.0 * Fix typo in package description (Closes: #638923) * Bump standards to v3.9.3 (no changes needed) -- Gregor Jasny Thu, 10 May 2012 21:46:27 +0200 c-ares (1.7.5-1) unstable; urgency=low * Imported Upstream version 1.7.5 * Update watch file location * Fix typo in Uploaders field * Update SCM Browser URL * Convert to Multiarch * Bump standards to v3.9.2 (no changes needed) -- Gregor Jasny Sun, 21 Aug 2011 15:19:21 +0200 c-ares (1.7.4-1) unstable; urgency=low [ Gregor Jasny ] * Imported Upstream version 1.7.4 * Fix typo in package description (Closes: #600309) * Bump standards to v3.9.1 (no changes needed) * Unapply patches after build * Add new symbols [ Andreas Schuldei ] * added Gregor Jasny as uploader -- Andreas Schuldei Thu, 03 Mar 2011 21:48:00 +0100 c-ares (1.7.3-1) unstable; urgency=low [ Gregor Jasny ] * Imported Upstream version 1.7.3 * Add ares_parse_mx_reply symbol -- Andreas Schuldei Fri, 11 Jun 2010 18:33:50 +0200 c-ares (1.7.1-0) unstable; urgency=low [ Gregor Jasny ] * Remove quilt dir * Imported Upstream version 1.7.0 * Bump standards to v3.8.3 (no changes needed) * Hide private symbols and add Debian symbols file * Use separate build dir * Tightened debhelper dependency * Revert "Use separate build dir" * Imported Upstream version 1.7.1 * Add new ares_{get,set}_servers symbols * Bump standards to v3.8.4 (no changes needed) * Switch to dpkg-source 3.0 (quilt) format -- Andreas Schuldei Fri, 30 Apr 2010 21:27:20 +0200 c-ares (1.6.0-2) unstable; urgency=low [ Gregor Jasny ] * Add git-buildpackage config * Imported Upstream version 1.6.0 * New Upstream Version 1.6.0 * Removed no_maxhostnamelen patch * Add Vcs-* fields to control file * Make package binNMUable (lintian: not-binnmuable-any-depends-any) * Add watch file (lintian: debian-watch-file-is-missing) * Updated standards to 3.8.1 (no changes needed) * Remove duplicate section (lintian: binary-control-field-duplicates- source) * Use debhelper 7 and its tiny rules script * Use copyright sign instead of (c) to make lintian happy * Add some words to the -dev package (lintian: duplicate-short- description) -- Andreas Schuldei Mon, 25 May 2009 13:23:43 +0200 c-ares (1.6.0-1) unstable; urgency=low * New Upstream Version -- Gregor Jasny Mon, 04 May 2009 22:01:20 +0200 c-ares (1.5.2-4) unstable; urgency=low * fixing linitan warnings: standards versions, clean target in rules * fix memory leak in MAXHOSTNAMELEN patch -- Andreas Schuldei Mon, 30 Jun 2008 16:33:20 +0200 c-ares (1.5.2-3) unstable; urgency=low * remove the need to have MAXHOSTNAMELEN, to make hurd build -- Andreas Schuldei Sun, 29 Jun 2008 01:55:35 +0200 c-ares (1.5.2-2) unstable; urgency=low * file conflicts (Closes: #484574) -- Andreas Schuldei Thu, 05 Jun 2008 10:00:56 +0200 c-ares (1.5.2-1) unstable; urgency=low * missing copyright information in debian/copyright (Closes: #484517) -- Andreas Schuldei Wed, 04 Jun 2008 20:22:59 +0200 c-ares (1.5.2-0) unstable; urgency=low * new upstream release: 1.5.2 * Conflict with libcares2 (Closes: #478588) * libc-ares1 contains libcares.2.so (Closes: #480589) -- Andreas Schuldei Sat, 31 May 2008 01:08:35 +0200 c-ares (1.5.1-0) unstable; urgency=low * new upstream release: 1.5.1 * file conflicts between packages (Closes: #451343) * switch to pkgconfig, disable .la -- Andreas Schuldei Mon, 26 Nov 2007 14:09:46 +0100 c-ares (1.4.0-1) unstable; urgency=low * Initial release (Closes: #359794) packaging c-ares -- Andreas Schuldei Sat, 21 Jul 2007 17:44:06 +0200