Your message dated Wed, 19 Apr 2023 12:19:02 +0000
with message-id <[email protected]>
and subject line Bug#1034594: fixed in avahi 0.8-10
has caused the Debian Bug report #1034594,
regarding avahi: CVE-2023-1981
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1034594: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034594
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: avahi
Version: 0.8-9
Severity: important
Tags: security upstream
Forwarded: https://github.com/lathiat/avahi/issues/375
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for avahi.
CVE-2023-1981[0]:
| avahi-daemon can be crashed via DBus
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-1981
https://www.cve.org/CVERecord?id=CVE-2023-1981
[1] https://github.com/lathiat/avahi/issues/375
[2]
https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: avahi
Source-Version: 0.8-10
Done: Michael Biebl <[email protected]>
We believe that the bug you reported is fixed in the latest version of
avahi, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <[email protected]> (supplier of updated avahi package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 19 Apr 2023 13:51:49 +0200
Source: avahi
Architecture: source
Version: 0.8-10
Distribution: unstable
Urgency: medium
Maintainer: Utopia Maintenance Team
<[email protected]>
Changed-By: Michael Biebl <[email protected]>
Closes: 1034594
Changes:
avahi (0.8-10) unstable; urgency=medium
.
[ Felix Geyer ]
* Remove dependency on bind9-host.
Originally added in #433030, no longer needed as the
avahi-daemon-check-dns.sh script is no longer shipped.
.
[ Michael Biebl ]
* Emit error if requested service is not found.
Fixes a potential local DoS where the avahi daemon could be crashed by
an unprivileged user via a D-Bus call.
(CVE-2023-1981, Closes: #1034594)
* Update watch file to get tarballs directly from avahi.org again.
The recent changes in GitHub broke the current watch file.
As new releases are again uploaded to avahi.org, get the release
tarballs from there.
Checksums-Sha1:
e4800d22d38476c30ec01901a7b1e3cd9ff0fe3e 3901 avahi_0.8-10.dsc
663cfd33d6197dbcbf04a872eb385a4afb75bcf5 38136 avahi_0.8-10.debian.tar.xz
88f5b91f67a1cfcff03c28d985eae4710f693427 8022 avahi_0.8-10_source.buildinfo
Checksums-Sha256:
41fb69131632dc37c480260fff8de556c226ded22c26cb5e4a04b0762b55fead 3901
avahi_0.8-10.dsc
fdb83a68eae0d59d37ded3bc05350ff92d9dc0b6d312493b159af3025dd5520b 38136
avahi_0.8-10.debian.tar.xz
bcadd049d17bc8323e50b573e6ac01057b3a301d9f6f56b23e8b6dc632417365 8022
avahi_0.8-10_source.buildinfo
Files:
78862c2aee3aa169edb9fb4729b2e272 3901 net optional avahi_0.8-10.dsc
1997913ff797efdb82b0397a0e82cad1 38136 net optional avahi_0.8-10.debian.tar.xz
f7950712be6f23b0b0d8af5e6588dcbe 8022 net optional
avahi_0.8-10_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEECbOsLssWnJBDRcxUauHfDWCPItwFAmQ/1skACgkQauHfDWCP
Itz1nQ//aKambpSMFmsZFAwNniQ/z33Hn2fF967Do8NW7vdhX1QW9OxkUuxQS2Cp
730Mz5+54Z0OmWGmGYlWNgjovJJAmNHsTVysGrpcKj3g3VJnjXQhnGrg2aIs5kPu
ij/CWAUIxMcgeBf44Ojviztyp7YUocyrAj7qKi9qW0Ut3ms+SfL+BbJttJrk1MDy
b6PkHWABAf3UXqAlH7OdRLzMt0eT6dNQm4kWgAY66O4wBWCN4TcY+sjf1NKF6qzk
S/3I5uGRJPzsT7TbdXaQgVipohrE2xfxniJH0Eg8AHruIxAkeerOgWBU3hw3bprh
SAWFWinjWYjZaswIwlr+FTWcNwRu2GDgWVPHN+4wP/Xq732PCBqZv2BglKz3Y//e
Ouzzc+iRxijuOcVXV+C18O6gjEe0ACSg7NvC9y3wMYDHh7r8OEfqLM4kAKlSzGY2
kxbx9Gd63kztSM6qwVyU655XedUVx9n2ouy5UmoPlyTVbADGuZyVtYvSH4SkMART
Z7NuUx7UW3miEqDqhQ81p7GmffzRXAuvELekBo3fSNrWrqiFXOpTnkqrvMjmQL+g
fig9+pVz1/Er5npAPDWo2X+n9k52GesYrZuzDkJimFxBrAt33qDDTyAkZpWX27U3
oTY8XcIEwKhAYzRbtxfbvAX+ki7x/buVRtApp8ufL30Df3OC5AE=
=dJ8Q
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Pkg-utopia-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-utopia-maintainers
