From https://c-ares.org/changelog.html (with CVE links added): """ c-ares version 1.19.1 - May 22 2023 Security: CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service (https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc) CVE-2023-31147 Moderate. Insufficient randomness in generation of DNS query IDs (https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2) CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton() (https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v) CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross compilation (https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4) """
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e390c358ad849784b280deaa023250aebf5f7f1b commit e390c358ad849784b280deaa023250aebf5f7f1b Author: Sam James <sam@gentoo.org> AuthorDate: 2023-05-23 03:39:22 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-05-23 03:39:22 +0000 net-dns/c-ares: add 1.19.1 Bug: https://bugs.gentoo.org/906964 Signed-off-by: Sam James <sam@gentoo.org> net-dns/c-ares/Manifest | 2 ++ net-dns/c-ares/c-ares-1.19.1.ebuild | 70 +++++++++++++++++++++++++++++++++++++ 2 files changed, 72 insertions(+)