On 09.01.25 at 12:07, Michael Biebl wrote:
> On 07.01.25 at 16:18, Radoslaw Chmielewski wrote:
>> Hi,
>>
>> Can you advise when we can expect a fix for an issue linked to CVE-2024-52615 and CVE-2024-52616?
>
> I can't give any advice on an expected time frame, no.
>
> Given that you are asking the Debian maintainers of avahi, I assume you want to know when a fixed Debian package is available. An upstream fix is a prerequisite for that, which doesn't exist at this point.
>
> If you want to monitor any progress regarding those two issues you can subscribe to the downstream bug reports
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088110
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088111
> or the upstream advisories at
> https://github.com/avahi/avahi/security/advisories/GHSA-x6vp-f33h-h32g
> https://github.com/avahi/avahi/security/advisories/GHSA-r9j3-vjjh-p8vm
>
> As for CVE-2024-52616, you can mitigate the issue by turning off wide-area in /etc/avahi/avahi-daemon.conf

Actually, since CVE-2024-52615 is also related to wide-area, turning that feature off should mitigate this as well.
_______________________________________________ Pkg-utopia-maintainers mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-utopia-maintainers
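One way to verify the mitigation mentioned in the thread, as an added example that is not part of the original messages or of the avahi project. It assumes the setting is the `enable-wide-area` key in the `[wide-area]` section, as documented in avahi-daemon.conf(5), and it treats a missing key as not mitigated because the built-in default may differ between versions.

```shell
#!/bin/sh
# Added example: report the enable-wide-area value in an avahi-daemon.conf.
# Prints the value found in the [wide-area] section, or "unset" if the key
# is absent or only present as a comment.
wide_area_setting() {
    awk '
        /^[ \t]*#/  { next }                      # comment line
        /^[ \t]*\[/ {                             # section header
            in_sec = ($0 ~ /^[ \t]*\[wide-area\][ \t]*$/)
            next
        }
        in_sec {
            n = index($0, "=")
            if (n == 0) next
            key = substr($0, 1, n - 1); val = substr($0, n + 1)
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            if (key == "enable-wide-area") state = tolower(val)
        }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

# Succeeds only when the feature is explicitly switched off. A missing key
# is treated as not mitigated (assumption: the built-in default may be on).
wide_area_mitigated() {
    [ "$(wide_area_setting "$1")" = "no" ]
}

# Constructed sample: the "no" line is commented out, so "yes" is effective.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[server]
use-ipv4=yes

[wide-area]
#enable-wide-area=no
enable-wide-area=yes
EOF
if wide_area_mitigated "$sample"; then
    echo "wide-area is disabled"
else
    echo "wide-area is NOT disabled (value: $(wide_area_setting "$sample"))"
fi
rm -f "$sample"
```

On a real host, call `wide_area_mitigated /etc/avahi/avahi-daemon.conf` and alert on a non-zero exit status.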
