On 07.01.25 at 16:18, Radoslaw Chmielewski wrote:
> Hi,
> Can you advise when we can expect a fix for an issue linked to CVE-2024-52615 and CVE-2024-52616?

I can't give any advice on an expected time frame, no.

Given that you are asking the Debian maintainers of avahi, I assume you want to know when a fixed Debian package is available. An upstream fix is a prerequisite for that, which doesn't exist at this point.

If you want to monitor any progress regarding those two issues you can subscribe to the downstream bug reports

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088110
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088111

or the upstream advisories at

https://github.com/avahi/avahi/security/advisories/GHSA-x6vp-f33h-h32g
https://github.com/avahi/avahi/security/advisories/GHSA-r9j3-vjjh-p8vm

As for CVE-2024-52616, you can mitigate the issue by turning off wide-area in /etc/avahi/avahi-daemon.conf

https://github.com/avahi/avahi/pull/577/files

Regards,
Michael
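
As an added illustration of the wide-area mitigation mentioned in the message above (not part of the original e-mail and not avahi's own tooling): a shell check that reports the `enable-wide-area` value from the `[wide-area]` section of an avahi-daemon.conf-style file. The function names and the sample config are constructed for this example, and treating only a literal `no` as "turned off" is a conservative assumption.

```shell
#!/bin/sh
# Added example: audit the wide-area setting in an avahi-daemon.conf-style file.

# Print the enable-wide-area value found in the [wide-area] section
# ("yes", "no", ...), or "unset" when no uncommented assignment exists.
wide_area_state() {
    awk '
        BEGIN { state = "unset" }
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        /^[ \t]*\[/ {                           # section header, e.g. [wide-area]
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            next
        }
        section == "wide-area" && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)    # trim whitespace around key
            gsub(/^[ \t]+|[ \t]+$/, "", val)    # trim whitespace around value
            if (key == "enable-wide-area") state = tolower(val)
        }
        END { print state }
    ' "$1"
}

# Succeed only when wide-area is explicitly set to "no".
# Assumption: "unset" is NOT treated as mitigated, because the effective
# value then depends on the default of the installed avahi build.
wide_area_mitigated() {
    [ "$(wide_area_state "$1")" = "no" ]
}

# Constructed sample config: a commented-out "yes" followed by an explicit "no".
sample=$(mktemp)
printf '%s\n' '[server]' 'use-ipv4=yes' '' \
    '[wide-area]' '#enable-wide-area=yes' 'enable-wide-area = no' > "$sample"
if wide_area_mitigated "$sample"; then
    echo "wide-area explicitly disabled"
else
    echo "wide-area not explicitly disabled: $(wide_area_state "$sample")"
fi
rm -f "$sample"
```

To check a real host, call `wide_area_mitigated /etc/avahi/avahi-daemon.conf`; the daemon has to be restarted for a changed value to take effect.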
