diff --git a/.github/workflows/portage-stable-packages-list b/.github/workflows/portage-stable-packages-list
index 11283c1540..953015be7f 100644
--- a/.github/workflows/portage-stable-packages-list
+++ b/.github/workflows/portage-stable-packages-list
@@ -291,6 +291,7 @@ net-analyzer/nmap
 net-analyzer/traceroute
 
 net-dns/bind-tools
+net-dns/c-ares
 net-dns/dnsmasq
 
 net-fs/cifs-utils
diff --git a/changelog/security/2023-05-03-c-ares-1.19.0.md b/changelog/security/2023-05-03-c-ares-1.19.0.md
new file mode 100644
index 0000000000..02d478b46e
--- /dev/null
+++ b/changelog/security/2023-05-03-c-ares-1.19.0.md
@@ -0,0 +1 @@
+- c-ares ([CVE-2022-4904](https://nvd.nist.gov/vuln/detail/CVE-2022-4904))
diff --git a/changelog/updates/2023-05-03-c-ares-1.19.0.md b/changelog/updates/2023-05-03-c-ares-1.19.0.md
new file mode 100644
index 0000000000..ee9e4a50a0
--- /dev/null
+++ b/changelog/updates/2023-05-03-c-ares-1.19.0.md
@@ -0,0 +1 @@
+- c-ares ([1.19.0](https://c-ares.org/changelog.html#1_19_0))
diff --git a/sdk_container/src/third_party/portage-stable/net-dns/c-ares/Manifest b/sdk_container/src/third_party/portage-stable/net-dns/c-ares/Manifest
index 99b1551d21..799731cb27 100644
--- a/sdk_container/src/third_party/portage-stable/net-dns/c-ares/Manifest
+++ b/sdk_container/src/third_party/portage-stable/net-dns/c-ares/Manifest
@@ -1,2 +1,2 @@
-DIST c-ares-1.17.1.tar.gz 1518701 BLAKE2B 31dac21ecae231e2a201dc1ba954c1a0663a06f93eb8e7e033ca3c6d385f53e07af0b04854739f1ee8a7f0693f67f620143e152ef092b49342c62279a0480905 SHA512 b11887bcc9274d368088e1a8b6aca62414f20675cf0bc58e948f54fa04c327c39dd23cefe7509eec6397db14b550a3f6b77f5c18b3d735b3eef48ce2da1dcd00
-DIST c-ares-1.17.2.tar.gz 1538276 BLAKE2B c6f5ad65ca75f8467b624daf3caaee2f35d6e4714ce46ebe1bbf79447feecf8615915b00fa5e7bd1e97c6232864e06c53a792fbadf36a5399883529769273e24 SHA512 f625e0ef8508af6475d3e83b51ab29be8a4878e2a87e7f518bea046b76a74bfde7043ca6ec2a9e714c898ab9e5d4a5a678c3347a9f9eb68980438f7ca8ae3fc8
+DIST c-ares-1.19.0.tar.gz 1572210 BLAKE2B d77be535dfa852bf3d91258ddf06b3c63a40123883adb83a4e5652d4b1b16801ddefefad70d83a7d6d9aa81c9c81956fef42bc778d7380d6b398ccfc9f8b82dc SHA512 a7f5988bef393afec08a225be92f6eee54a3e67170fb26cbe00dcc5c5a457b27037bbcfeccc39fb855ed72f100196958d6cbbe251bf1ccfbdd353be18f098359
+DIST c-ares-1.19.0.tar.gz.asc 488 BLAKE2B 1b8dc3ad7b916cb5ea1c95ffd12315d303f78880416836d11d2fa7d8ca93fa1ca30898e6a865af79a35e5dc4d0f4fccfcc9eae6f028d456d38ede9fe8b7edd71 SHA512 814aad5dbe2bb987035b53d977e03a73a90356200f671f36949a77e978cf8311ccc8375e63ade6fe2e1380f1f9c3b34c1ba7d48365fd5689cf5c24425ab8a129
diff --git a/sdk_container/src/third_party/portage-stable/net-dns/c-ares/c-ares-1.17.1.ebuild b/sdk_container/src/third_party/portage-stable/net-dns/c-ares/c-ares-1.17.1.ebuild
deleted file mode 100644
index 7a5e47f106..0000000000
--- a/sdk_container/src/third_party/portage-stable/net-dns/c-ares/c-ares-1.17.1.ebuild
+++ /dev/null
@@ -1,37 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools multilib-minimal
-
-DESCRIPTION="C library that resolves names asynchronously"
-HOMEPAGE="https://c-ares.haxx.se/"
-SRC_URI="https://${PN}.haxx.se/download/${P}.tar.gz"
-
-LICENSE="MIT"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc64-solaris"
-IUSE="static-libs"
-
-# Subslot = SONAME of libcares.so.2
-SLOT="0/2"
-
-DOCS=( AUTHORS CHANGES NEWS README.md RELEASE-NOTES TODO )
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/ares_build.h
-)
-
-multilib_src_configure() {
-	ECONF_SOURCE=${S} \
-	econf \
-		--enable-nonblocking \
-		--enable-symbol-hiding \
-		--disable-tests \
-		$(use_enable static-libs static)
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	find "${ED}" -name "*.la" -delete || die
-}
diff --git a/sdk_container/src/third_party/portage-stable/net-dns/c-ares/c-ares-1.17.2.ebuild b/sdk_container/src/third_party/portage-stable/net-dns/c-ares/c-ares-1.19.0.ebuild
similarity index 54%
rename from sdk_container/src/third_party/portage-stable/net-dns/c-ares/c-ares-1.17.2.ebuild
rename to sdk_container/src/third_party/portage-stable/net-dns/c-ares/c-ares-1.19.0.ebuild
index e8187e7750..f7520a609b 100644
--- a/sdk_container/src/third_party/portage-stable/net-dns/c-ares/c-ares-1.17.2.ebuild
+++ b/sdk_container/src/third_party/portage-stable/net-dns/c-ares/c-ares-1.19.0.ebuild
@@ -1,21 +1,27 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=7
+EAPI=8
 
-inherit autotools multilib-minimal
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc
+inherit edo multilib-minimal verify-sig
 
 DESCRIPTION="C library that resolves names asynchronously"
-HOMEPAGE="https://c-ares.haxx.se/"
-SRC_URI="https://${PN}.haxx.se/download/${P}.tar.gz"
+HOMEPAGE="https://c-ares.org/"
+SRC_URI="
+	https://c-ares.org/download/${P}.tar.gz
+	verify-sig? ( https://c-ares.org/download/${P}.tar.gz.asc )
+"
 
+LICENSE="MIT"
 # Subslot = SONAME of libcares.so.2
 SLOT="0/2"
-LICENSE="MIT"
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc64-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc64-solaris ~x64-solaris ~x86-solaris"
 IUSE="static-libs test"
 RESTRICT="!test? ( test )"
 
+BDEPEND="verify-sig? ( sec-keys/openpgp-keys-danielstenberg )"
+
 DOCS=( AUTHORS CHANGES NEWS README.md RELEASE-NOTES TODO )
 
 MULTILIB_WRAPPED_HEADERS=(
@@ -23,16 +29,18 @@ MULTILIB_WRAPPED_HEADERS=(
 )
 
 multilib_src_configure() {
+	local myeconfargs=(
+		--enable-nonblocking
+		--enable-symbol-hiding
+		$(use_enable static-libs static)
+		$(use_enable test tests)
+	)
+
 	# Needed for running unit tests only
 	# Violates sandbox and tests pass fine without
-	ax_cv_uts_namespace=no \
-	ax_cv_user_namespace=no \
-	ECONF_SOURCE="${S}" \
-	econf \
-		--enable-nonblocking \
-		--enable-symbol-hiding \
-		$(use_enable static-libs static) \
-		$(use_enable test tests)
+	export ax_cv_uts_namespace=no
+	export ax_cv_user_namespace=no
+	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
 }
 
 multilib_src_test() {
@@ -52,7 +60,7 @@ multilib_src_test() {
 
 	# The format for disabling test1, test2, and test3 looks like:
 	# -test1:test2:test3
-	./arestest --gtest_filter=-$(echo $(IFS=:; echo "${network_tests[*]}")) || die "arestest failed!"
+	edo ./arestest --gtest_filter=-$(echo $(IFS=:; echo "${network_tests[*]}"))
 }
 
 multilib_src_install_all() {
diff --git a/sdk_container/src/third_party/portage-stable/net-dns/c-ares/metadata.xml b/sdk_container/src/third_party/portage-stable/net-dns/c-ares/metadata.xml
index 1b514de33c..38e54d9f2e 100644
--- a/sdk_container/src/third_party/portage-stable/net-dns/c-ares/metadata.xml
+++ b/sdk_container/src/third_party/portage-stable/net-dns/c-ares/metadata.xml
@@ -1,11 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
-<maintainer type="person">
-  <email>blueness@gentoo.org</email>
-  <name>Anthony G. Basile</name>
-</maintainer>
-<upstream>
-  <remote-id type="cpe">cpe:/a:daniel_stenberg:c-ares</remote-id>
-</upstream>
+	<maintainer type="project">
+		<email>base-system@gentoo.org</email>
+		<name>Gentoo Base System</name>
+	</maintainer>
+	<upstream>
+		<remote-id type="cpe">cpe:/a:daniel_stenberg:c-ares</remote-id>
+		<remote-id type="github">c-ares/c-ares</remote-id>
+	</upstream>
 </pkgmetadata>