[Git][security-tracker-team/security-tracker][master] Record applied mitigations for CVE-2024-52615 and CVE-2024-52616

Tue, 09 Sep 2025 12:47:42 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
52a3cfad by Salvatore Bonaccorso at 2025-09-09T21:45:09+02:00
Record applied mitigations for CVE-2024-52615 and CVE-2024-52616

For CVE-2024-52615 a fix appears to exist upstream with
https://github.com/avahi/avahi/commit/4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942
but it has so far not been applied.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -92661,6 +92661,7 @@ CVE-2024-52616 (A flaw was found in the Avahi-daemon, 
where it initializes DNS t
        NOTE: turn off wide-area feature: 
https://github.com/avahi/avahi/pull/577
        NOTE: Revisiting of feature: https://github.com/avahi/avahi/issues/578
        NOTE: 
https://github.com/avahi/avahi/security/advisories/GHSA-r9j3-vjjh-p8vm
+       NOTE: Mitiated by default since avahi/0.8-17 with enable-wide-area=no
 CVE-2024-52615 (A flaw was found in Avahi-daemon, which relies on fixed source 
ports f ...)
        - avahi <unfixed> (bug #1088110)
        [trixie] - avahi <no-dsa> (Minor issue; workarounds/mitigation exist by 
setting enable-wide-area=no)
@@ -92674,6 +92675,7 @@ CVE-2024-52615 (A flaw was found in Avahi-daemon, which 
relies on fixed source p
        NOTE: 
https://github.com/avahi/avahi/security/advisories/GHSA-x6vp-f33h-h32g
        NOTE: https://github.com/avahi/avahi/pull/662
        NOTE: Fixed by: 
https://github.com/avahi/avahi/commit/4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942
+       NOTE: Mitiated by default since avahi/0.8-17 with enable-wide-area=no 
(but fixing commit not applied)
 CVE-2023-39180 (A flaw was found within the handling of SMB2_READ commands in 
the kern ...)
        - linux 6.5.3-1
        [bookworm] - linux 6.1.55-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52a3cfad15cff30d01160b07222ebd151403b45d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52a3cfad15cff30d01160b07222ebd151403b45d
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to