From 0afcfe5a48bd0cb33b1431bb92a5b43ba1109270 Mon Sep 17 00:00:00 2001 From: Peter Korsgaard Date: Mon, 19 Jun 2023 16:36:17 +0200 Subject: [PATCH] package/c-ares: security bump to version 1.19.1 Fixes the following security issues: - CVE-2023-32067: High. 0-byte UDP payload causes Denial of Service - CVE-2023-31147 Moderate. Insufficient randomness in generation of DNS query IDs - CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton() - CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross compilation Signed-off-by: Peter Korsgaard Signed-off-by: Arnout Vandecappelle --- package/c-ares/c-ares.hash | 2 +- package/c-ares/c-ares.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/c-ares/c-ares.hash b/package/c-ares/c-ares.hash index edf891674b..3e1573f2cf 100644 --- a/package/c-ares/c-ares.hash +++ b/package/c-ares/c-ares.hash @@ -1,5 +1,5 @@ # Locally calculated after checking pgp signature -sha256 bfceba37e23fd531293829002cac0401ef49a6dc55923f7f92236585b7ad1dd3 c-ares-1.19.0.tar.gz +sha256 321700399b72ed0e037d0074c629e7741f6b2ec2dda92956abe3e9671d3e268e c-ares-1.19.1.tar.gz # Hash for license file sha256 db4eb63fe09daebdf57d3f79b091bb5ee5070c0d761040e83264e648d307af4c LICENSE.md diff --git a/package/c-ares/c-ares.mk b/package/c-ares/c-ares.mk index 4332fc6919..46b8acd673 100644 --- a/package/c-ares/c-ares.mk +++ b/package/c-ares/c-ares.mk @@ -4,7 +4,7 @@ # ################################################################################ -C_ARES_VERSION = 1.19.0 +C_ARES_VERSION = 1.19.1 C_ARES_SITE = http://c-ares.haxx.se/download C_ARES_INSTALL_STAGING = YES C_ARES_CONF_OPTS = --with-random=/dev/urandom