Control: forwarded -1 https://github.com/avahi/avahi/pull/662
Control: tags -1 + fixed-upstream

Hi,

On Sat, Nov 23, 2024 at 02:23:34PM +0100, Salvatore Bonaccorso wrote:
> Source: avahi
> Version: 0.8-13
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: [email protected], Debian Security Team
> <[email protected]>
> Control: found -1 0.8-10
>
> Hi,
>
> The following vulnerability was published for avahi.
>
> Filing for having a tracker reference.
>
> CVE-2024-52615[0]:
> | A flaw was found in Avahi-daemon, which relies on fixed source ports
> | for wide-area DNS queries. This issue simplifies attacks where
> | malicious DNS responses are injected.
>
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2024-52615
>     https://www.cve.org/CVERecord?id=CVE-2024-52615
> [1] https://github.com/avahi/avahi/security/advisories/GHSA-x6vp-f33h-h32g

Appears that this got fixed upstream, cf.
https://github.com/avahi/avahi/pull/662 and
https://github.com/avahi/avahi/commit/4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942 .

Regards,
Salvatore
