-
c-ares (1.17.1-1ubuntu0.1) hirsute-security; urgency=medium
* SECURITY UPDATE: Missing input validation on hostnames returned by DNS
servers
- debian/patches/CVE-2021-3672-1.patch: escape more characters in
src/lib/ares_expand_name.c.
- debian/patches/CVE-2021-3672-2.patch: fix formatting and handling of
root name response in src/lib/ares_expand_name.c.
- CVE-2021-3672
-- Marc Deslauriers <email address hidden> Mon, 02 Aug 2021 07:27:52 -0400
-
c-ares (1.17.1-1) unstable; urgency=medium
* Imported Upstream version 1.17.1 (fixes CVE-2020-8277)
* Bumped standards to version 4.5.1 (no changes needed)
* Update upstream repository metadata
* Ignore installed libtool file for all architectures
-- Gregor Jasny <email address hidden> Thu, 19 Nov 2020 18:57:27 +0100
-
c-ares (1.16.1-1ubuntu1) hirsute; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2020-8277.patch: truncate to at most
*naddrttls entries in ares_parse_a_reply.c, ares_parse_aaaa_reply.c.
- CVE-2020-8277
-- <email address hidden> (Leonidas S. Barbosa) Wed, 18 Nov 2020 11:50:45 -0300
-
c-ares (1.16.1-1) unstable; urgency=high
* Imported Upstream version 1.16.1
* This release prevents a possible use-after-free and
double-free in ares_getaddrinfo() if ares_destroy()
is called prior to ares_getaddrinfo() completing.
-- Gregor Jasny <email address hidden> Mon, 11 May 2020 20:24:56 +0200