NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/c-ares: security bump to version 1.19.1

Browse Source 
Fixes the following security issues:

- CVE-2023-32067: High.  0-byte UDP payload causes Denial of Service
- CVE-2023-31147 Moderate.  Insufficient randomness in generation of DNS
  query IDs
- CVE-2023-31130.  Moderate.  Buffer Underwrite in ares_inet_net_pton()
- CVE-2023-31124.  Low.  AutoTools does not set CARES_RANDOM_FILE during
  cross compilation

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 0afcfe5a48)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Peter Korsgaard 2023-06-19 16:36:17 +02:00
parent 282d67e765
commit 4e2d157c72
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/c-ares/c-ares.hash
View File

@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature
sha256 bfceba37e23fd531293829002cac0401ef49a6dc55923f7f92236585b7ad1dd3 c-ares-1.19.0.tar.gz
sha256 321700399b72ed0e037d0074c629e7741f6b2ec2dda92956abe3e9671d3e268e c-ares-1.19.1.tar.gz
# Hash for license file
sha256 db4eb63fe09daebdf57d3f79b091bb5ee5070c0d761040e83264e648d307af4c LICENSE.md

2
package/c-ares/c-ares.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
C_ARES_VERSION = 1.19.0
C_ARES_VERSION = 1.19.1
C_ARES_SITE = http://c-ares.haxx.se/download
C_ARES_INSTALL_STAGING = YES
C_ARES_CONF_OPTS = --with-random=/dev/urandom