From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@buildroot.org
Subject: [Buildroot] [PATCH] package/c-ares: security bump to version 1.19.1
Date: Mon, 19 Jun 2023 16:36:17 +0200 [thread overview]
Message-ID: <20230619143618.250093-1-peter@korsgaard.com> (raw)
Fixes the following security issues:
- CVE-2023-32067: High. 0-byte UDP payload causes Denial of Service
- CVE-2023-31147 Moderate. Insufficient randomness in generation of DNS
query IDs
- CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton()
- CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during
cross compilation
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/c-ares/c-ares.hash | 2 +-
package/c-ares/c-ares.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/c-ares/c-ares.hash b/package/c-ares/c-ares.hash
index edf891674b..3e1573f2cf 100644
--- a/package/c-ares/c-ares.hash
+++ b/package/c-ares/c-ares.hash
@@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature
-sha256 bfceba37e23fd531293829002cac0401ef49a6dc55923f7f92236585b7ad1dd3 c-ares-1.19.0.tar.gz
+sha256 321700399b72ed0e037d0074c629e7741f6b2ec2dda92956abe3e9671d3e268e c-ares-1.19.1.tar.gz
# Hash for license file
sha256 db4eb63fe09daebdf57d3f79b091bb5ee5070c0d761040e83264e648d307af4c LICENSE.md
diff --git a/package/c-ares/c-ares.mk b/package/c-ares/c-ares.mk
index 4332fc6919..46b8acd673 100644
--- a/package/c-ares/c-ares.mk
+++ b/package/c-ares/c-ares.mk
@@ -4,7 +4,7 @@
#
################################################################################
-C_ARES_VERSION = 1.19.0
+C_ARES_VERSION = 1.19.1
C_ARES_SITE = http://c-ares.haxx.se/download
C_ARES_INSTALL_STAGING = YES
C_ARES_CONF_OPTS = --with-random=/dev/urandom
--
2.30.2
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next reply other threads:[~2023-06-19 14:36 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-19 14:36 Peter Korsgaard [this message]
2023-06-19 19:34 ` [Buildroot] [PATCH] package/c-ares: security bump to version 1.19.1 Arnout Vandecappelle via buildroot
2023-07-06 11:32 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230619143618.250093-1-peter@korsgaard.com \
--to=peter@korsgaard.com \
--cc=buildroot@buildroot.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.