Debian Package Tracker
Register | Log in
Subscribe

c-ares

Choose email to subscribe with

general
  • source: c-ares (main)
  • version: 1.34.8-1
  • maintainer: Gregor Jasny (DMD) (DM)
  • arch: all any
  • std-ver: 4.7.4
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 1.17.1-1+deb11u3
  • o-o-sec: 1.17.1-1+deb11u3
  • oldstable: 1.18.1-3
  • stable: 1.34.5-1+deb13u1
  • stable-sec: 1.34.5-1+deb13u1
  • testing: 1.34.6-1
  • unstable: 1.34.8-1
versioned links
  • 1.17.1-1+deb11u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.18.1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.34.5-1+deb13u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.34.6-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.34.8-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libc-ares-dev
  • libc-ares2
  • libcares2
action needed
3 security issues in trixie high

There are 3 open security issues in trixie.

3 important issues:
  • CVE-2026-33630:
  • TEMP-0000000-191FEB:
  • TEMP-0000000-A8E7DE:
Created: 2026-07-07 Last update: 2026-07-07 21:30
3 security issues in forky high

There are 3 open security issues in forky.

3 important issues:
  • CVE-2026-33630:
  • TEMP-0000000-191FEB:
  • TEMP-0000000-A8E7DE:
Created: 2026-07-07 Last update: 2026-07-07 21:30
4 security issues in bullseye high

There are 4 open security issues in bullseye.

3 important issues:
  • CVE-2026-33630:
  • TEMP-0000000-191FEB:
  • TEMP-0000000-A8E7DE:
1 issue postponed or untriaged:
  • CVE-2024-25629: (needs triaging) c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.
Created: 2026-07-07 Last update: 2026-07-07 21:30
4 security issues in bookworm high

There are 4 open security issues in bookworm.

3 important issues:
  • CVE-2026-33630:
  • TEMP-0000000-191FEB:
  • TEMP-0000000-A8E7DE:
1 issue left for the package maintainer to handle:
  • CVE-2024-25629: (needs triaging) c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.

You can find information about how to handle this issue in the security team's documentation.

Created: 2024-02-23 Last update: 2026-07-07 21:30
testing migrations
  • excuses:
    • Migration status for c-ares (1.34.6-1 to 1.34.8-1): BLOCKED: Maybe temporary, maybe blocked but Britney is missing information (check below)
    • Issues preventing migration:
    • ∙ ∙ Missing build on riscv64
    • ∙ ∙ Autopkgtest deferred on riscv64: missing arch:riscv64 build
    • ∙ ∙ Lintian check waiting for test results on riscv64 - info
    • ∙ ∙ Too young, only 1 of 2 days old
    • Additional info (not blocking):
    • ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/c/c-ares.html
    • ∙ ∙ Reproduced on amd64 - info
    • ∙ ∙ Reproduced on arm64 - info
    • ∙ ∙ Reproduced on armhf - info
    • ∙ ∙ Reproduced on i386 - info
    • Not considered
news
[rss feed]
  • [2026-07-07] Accepted c-ares 1.34.8-1 (source) into unstable (Gregor Jasny)
  • [2026-07-06] Accepted c-ares 1.34.7-1 (source) into unstable (Gregor Jasny)
  • [2025-12-20] Accepted c-ares 1.34.5-1+deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
  • [2025-12-18] Accepted c-ares 1.34.5-1+deb13u1 (source) into stable-security (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
  • [2025-12-12] c-ares 1.34.6-1 MIGRATED to testing (Debian testing watch)
  • [2025-12-08] Accepted c-ares 1.34.6-1 (source) into unstable (Gregor Jasny)
  • [2025-04-11] c-ares 1.34.5-1 MIGRATED to testing (Debian testing watch)
  • [2025-04-08] Accepted c-ares 1.34.5-1 (source) into unstable (Gregor Jasny)
  • [2025-01-05] c-ares 1.34.4-2.1 MIGRATED to testing (Debian testing watch)
  • [2024-12-31] Accepted c-ares 1.34.4-2.1 (source) into unstable (Boyuan Yang)
  • [2024-12-30] Accepted c-ares 1.34.4-2 (source amd64 all) into unstable (Debian FTP Masters) (signed by: Boyuan Yang)
  • [2024-12-20] c-ares 1.34.4-1 MIGRATED to testing (Debian testing watch)
  • [2024-12-14] Accepted c-ares 1.34.4-1 (source) into unstable (Gregor Jasny)
  • [2024-12-13] c-ares 1.34.3-1 MIGRATED to testing (Debian testing watch)
  • [2024-12-07] Accepted c-ares 1.34.3-1 (source) into unstable (Gregor Jasny)
  • [2024-10-23] c-ares 1.34.2-1 MIGRATED to testing (Debian testing watch)
  • [2024-10-17] Accepted c-ares 1.34.2-1 (source) into unstable (Gregor Jasny)
  • [2024-09-27] c-ares 1.33.1-2 MIGRATED to testing (Debian testing watch)
  • [2024-09-21] Accepted c-ares 1.33.1-2 (source) into unstable (Gregor Jasny)
  • [2024-08-29] c-ares 1.33.1-1 MIGRATED to testing (Debian testing watch)
  • [2024-08-24] Accepted c-ares 1.33.1-1 (source) into unstable (Gregor Jasny)
  • [2024-08-08] c-ares 1.33.0-1 MIGRATED to testing (Debian testing watch)
  • [2024-08-02] Accepted c-ares 1.33.0-1 (source) into unstable (Gregor Jasny)
  • [2024-07-30] c-ares 1.32.3-1 MIGRATED to testing (Debian testing watch)
  • [2024-07-24] Accepted c-ares 1.32.3-1 (source) into unstable (Gregor Jasny)
  • [2024-07-24] c-ares 1.32.2-2 MIGRATED to testing (Debian testing watch)
  • [2024-07-18] Accepted c-ares 1.32.2-2 (source) into unstable (Gregor Jasny)
  • [2024-07-17] Accepted c-ares 1.32.2-1 (source) into unstable (Gregor Jasny)
  • [2024-06-24] c-ares 1.31.0-1 MIGRATED to testing (Debian testing watch)
  • [2024-06-18] Accepted c-ares 1.31.0-1 (source) into unstable (Gregor Jasny)
  • 1
  • 2
bugs [bug history graph]
  • all: 0
links
  • homepage
  • lintian
  • buildd: logs, reproducibility, cross
  • popcon
  • browse source code
  • other distros
  • security tracker
  • debian patches
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 1.34.6-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing