diff -Nru c-ares-1.18.1/debian/changelog c-ares-1.18.1/debian/changelog
--- c-ares-1.18.1/debian/changelog	2023-06-12 18:43:33.000000000 +0000
+++ c-ares-1.18.1/debian/changelog	2024-02-28 13:37:18.000000000 +0000
@@ -1,3 +1,12 @@
+c-ares (1.18.1-1ubuntu0.22.04.3) jammy-security; urgency=medium
+
+  * SECURITY UPDATE: Out of bounds read in ares__read_line()
+    - debian/patches/CVE-2024-25629.patch: filtering to 
+      eliminate out of bounds read
+    - CVE-2024-25629
+
+ -- Nick Galanis <nick.galanis@canonical.com>  Wed, 28 Feb 2024 13:37:18 +0000
+
 c-ares (1.18.1-1ubuntu0.22.04.2) jammy-security; urgency=medium
 
   * SECURITY UPDATE: buffer underflow on certain ipv6 addresses
diff -Nru c-ares-1.18.1/debian/patches/CVE-2024-25629.patch c-ares-1.18.1/debian/patches/CVE-2024-25629.patch
--- c-ares-1.18.1/debian/patches/CVE-2024-25629.patch	1970-01-01 00:00:00.000000000 +0000
+++ c-ares-1.18.1/debian/patches/CVE-2024-25629.patch	2024-02-28 12:25:42.000000000 +0000
@@ -0,0 +1,28 @@
+From a804c04ddc8245fc8adf0e92368709639125e183 Mon Sep 17 00:00:00 2001
+From: Brad House <brad@brad-house.com>
+Date: Thu, 22 Feb 2024 16:23:33 -0500
+Subject: [PATCH] Merge pull request from GHSA-mg26-v6qh-x48q
+
+---
+ src/lib/ares__read_line.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+Index: c-ares-1.18.1/src/lib/ares__read_line.c
+===================================================================
+--- c-ares-1.18.1.orig/src/lib/ares__read_line.c
++++ c-ares-1.18.1/src/lib/ares__read_line.c
+@@ -49,6 +49,14 @@ int ares__read_line(FILE *fp, char **buf
+       if (!fgets(*buf + offset, bytestoread, fp))
+         return (offset != 0) ? 0 : (ferror(fp)) ? ARES_EFILE : ARES_EOF;
+       len = offset + strlen(*buf + offset);
++
++      /* Probably means there was an embedded NULL as the first character in
++      * the line, throw away line */
++      if (len == 0) {
++        offset = 0;
++        continue;
++      }
++
+       if ((*buf)[len - 1] == '\n')
+         {
+           (*buf)[len - 1] = 0;
diff -Nru c-ares-1.18.1/debian/patches/series c-ares-1.18.1/debian/patches/series
--- c-ares-1.18.1/debian/patches/series	2023-06-12 18:43:29.000000000 +0000
+++ c-ares-1.18.1/debian/patches/series	2024-02-28 12:25:38.000000000 +0000
@@ -2,3 +2,4 @@
 CVE-2022-4904.patch
 CVE-2023-31130.diff
 CVE-2023-32067.diff
+CVE-2024-25629.patch