Bugzilla Automation <[email protected]> has asked freebsd-desktop (Team) <[email protected]> for maintainer-feedback:
Bug 291860: net/avahi-app: vulnerable to CVE-2025-59529
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291860

--- Description ---
0.8 is vulnerable to:

CVE-2025-59529 - simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS

For more information please read:
https://github.com/avahi/avahi/security/advisories/GHSA-73wf-3xmj-x82q

However, `0.9` has not been released yet, and the only patched version is `0.9-rc2`. The patch could be cherry-picked and applied to the port; however, due to this being a moderate CVE which is local-only, and is a denial of service, it really doesn't seem to be a big deal. Nevertheless, I have created an issue to track this. I have also attached a vuxml for the CVE.
