diff -Nru c-ares-1.15.0/debian/changelog c-ares-1.15.0/debian/changelog --- c-ares-1.15.0/debian/changelog 2023-06-12 18:45:23.000000000 +0000 +++ c-ares-1.15.0/debian/changelog 2023-09-14 15:00:59.000000000 +0000 @@ -1,3 +1,12 @@ +c-ares (1.15.0-1ubuntu0.4) focal-security; urgency=medium + + * SECURITY UPDATE: DoS via out-of-bounds read + - debian/patches/CVE-2020-22217.patch: check length in + ares_parse_soa_reply.c. + - CVE-2020-22217 + + -- Marc Deslauriers Thu, 14 Sep 2023 11:00:59 -0400 + c-ares (1.15.0-1ubuntu0.3) focal-security; urgency=medium * SECURITY UPDATE: buffer underflow on certain ipv6 addresses diff -Nru c-ares-1.15.0/debian/patches/CVE-2020-22217.patch c-ares-1.15.0/debian/patches/CVE-2020-22217.patch --- c-ares-1.15.0/debian/patches/CVE-2020-22217.patch 1970-01-01 00:00:00.000000000 +0000 +++ c-ares-1.15.0/debian/patches/CVE-2020-22217.patch 2023-09-14 14:53:21.000000000 +0000 @@ -0,0 +1,25 @@ +From 1b98172b141fe874ad43e679e67506f9b2139043 Mon Sep 17 00:00:00 2001 +From: lutianxiong <50396812+ltx2018@users.noreply.github.com> +Date: Fri, 22 May 2020 20:02:21 +0800 +Subject: [PATCH] avoid read-heap-buffer-overflow (#332) + +Fix invalid read in ares_parse_soa_reply.c found during fuzzing + +Fixes Bug: #333 +Fix By: lutianxiong (@ltx2018) +--- + ares_parse_soa_reply.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/ares_parse_soa_reply.c ++++ b/ares_parse_soa_reply.c +@@ -65,6 +65,9 @@ ares_parse_soa_reply(const unsigned char + status = ares__expand_name_for_response(aptr, abuf, alen, &qname, &len); + if (status != ARES_SUCCESS) + goto failed_stat; ++ ++ if (alen <= len + HFIXEDSZ + 1) ++ goto failed; + aptr += len; + + /* skip qtype & qclass */ diff -Nru c-ares-1.15.0/debian/patches/series c-ares-1.15.0/debian/patches/series --- c-ares-1.15.0/debian/patches/series 2023-06-12 18:44:47.000000000 +0000 +++ c-ares-1.15.0/debian/patches/series 2023-09-14 14:53:16.000000000 +0000 @@ -5,3 +5,4 @@ CVE-2022-4904.patch CVE-2023-31130.diff CVE-2023-32067.diff +CVE-2020-22217.patch