Avahi-daemon is a security risk and does allow crossing of privilege boundaries because it makes possible automatic connections among hosts on the network irrespective of the policies set up by network administrators.
This is an argument that we went through in Hardy LTS. The compromise was to make avahi-daemon a recommends. This bug is a regression from Hardy LTS.

Loye Young
[email protected]
281-968-0828

On Tue, Apr 13, 2010 at 10:58 AM, Jamie Strandboge <[email protected]> wrote:
> Thanks for taking the time to report this bug and helping to make Ubuntu
> better. We appreciate the difficulties you are facing, but this appears
> to be a "regular" (non-security) bug. I have unmarked it as a security
> issue since this bug does not show evidence of allowing attackers to
> cross privilege boundaries nor directly cause loss of data/privacy.
> Please feel free to report any other bugs you may find.
>
> ** This bug is no longer flagged as a security vulnerability
>
> --
> avahi-daemon should be downgraded to a recommends dependency
> https://bugs.launchpad.net/bugs/559770
> You received this bug notification because you are a direct subscriber
> of the bug.
>

--
avahi-daemon should be downgraded to a recommends dependency
https://bugs.launchpad.net/bugs/559770
You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber.

--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
