release-1.34.5

Author: bradh352

changelog.md

@@ -2,6 +2,28 @@
 layout: page
 title: Changelog
 ---
+<a name="1_34_5"></a>
+## c-ares version 1.34.5 - April 8 2025
+
+This is a security release.
+
+Security:
+* CVE-2025-31498. A use-after-free bug has been uncovered in read_answers() that
+  was introduced in v1.32.3.  Please see https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v
+
+Changes:
+* Restore Windows XP support. [PR #958](https://github.com/c-ares/c-ares/pull/958)
+
+Bugfixes:
+* A missing mutex initialization would make busy polling for configuration
+  changes (platforms other than Windows, Linux, MacOS) eat too much CPU
+  [PR #974](https://github.com/c-ares/c-ares/pull/974)
+* Pkgconfig may be generated wrong for static builds in relation to `-pthread`
+  [PR #965](https://github.com/c-ares/c-ares/pull/965)
+* Localhost resolution can fail if only one address family is in `/etc/hosts`
+  [PR #947](https://github.com/c-ares/c-ares/pull/947)
+
+
 <a name="1_34_4"></a>
 ## c-ares version 1.34.4 - December 14 2024
 

download.md

@@ -3,6 +3,8 @@ title: Download c-ares
 layout: page
 permalink: /download/
 versions:
+  - version: 1.34.5
+    date: "8-apr-2024"
   - version: 1.34.4
     date: "14-dec-2024"
   - version: 1.34.3

index.md

@@ -1,8 +1,8 @@
 ---
 layout: page
 version:
-  version: 1.34.4
-  date: "14-dec-2024"
+  version: 1.34.5
+  date: "8-apr-2024"
 ---
 
 - [Download](#download)

vulns.md

@@ -5,6 +5,11 @@ title: c-ares vulnerabilities
 
 This is all known and public c-ares vulnerabilities to date. See also our [security incident process](/security.html).
 
+### CVE-2025-31498 - Apr 8 2025
+
+High. A use-after-free bug has been uncovered in read_answers() that was introduced in v1.32.3.
+[CVE-2025-31498](https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v)
+
 ### CVE-2024-25629 - Feb 23 2024
 
 Moderate. Reading malformatted `/etc/resolv.conf`, `/etc/nsswitch.conf` or the `HOSTALIASES` file could result in a