Your message dated Sun, 01 Feb 2026 16:48:59 +0000
with message-id <[email protected]>
and subject line Bug#1088111: fixed in avahi 0.8-18
has caused the Debian Bug report #1088111,
regarding avahi: CVE-2024-52616: Avahi Wide-Area DNS Predictable Transaction IDs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1088111: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088111
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: avahi
Version: 0.8-13
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 0.8-10

Hi,

The following vulnerability was published for avahi.

Filing to the BTS to get a cross reference in the tracker.


CVE-2024-52616[0]:
| A flaw was found in the Avahi-daemon, where it initializes DNS
| transaction IDs randomly only once at startup, incrementing them
| sequentially after that. This predictable behavior facilitates DNS
| spoofing attacks, allowing attackers to guess transaction IDs.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-52616
    https://www.cve.org/CVERecord?id=CVE-2024-52616
[1] https://github.com/avahi/avahi/security/advisories/GHSA-r9j3-vjjh-p8vm

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: avahi
Source-Version: 0.8-18
Done: Michael Biebl <[email protected]>

We believe that the bug you reported is fixed in the latest version of
avahi, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Biebl <[email protected]> (supplier of updated avahi package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 01 Feb 2026 16:54:47 +0100
Source: avahi
Architecture: source
Version: 0.8-18
Distribution: unstable
Urgency: medium
Maintainer: Utopia Maintenance Team <[email protected]>
Changed-By: Michael Biebl <[email protected]>
Closes: 1088111 1125417 1125418 1125419 1126342
Changes:
 avahi (0.8-18) unstable; urgency=medium
 .
   [ Simon McVittie ]
   * d/copyright: Don't quote the FSF's former postal address here
 .
   [ Michael Biebl ]
   * core: refuse to create wide-area record browsers when wide-area is off.
     Patch cherry-picked from upstream Git
     CVE-2025-68276 (Closes: #1125417)
   * core: fix DoS bug by removing incorrect assertion.
     Patch cherry-picked from upstream Git
     CVE-2025-68468 (Closes: #1125418)
   * core: fix DoS bug by changing assert to return.
     Patch cherry-picked from upstream Git
     CVE-2025-68471 (Closes: #1125419)
   * core: fix uncontrolled recursion bug using a simple loop detection
     algorithm.
     Patch cherry-picked from upstream Git
     CVE-2026-24401 (Closes: #1126342)
   * Randomize transaction IDs in wide area queries.
     Patch cherry-picked from upstream Git.
     CVE-2024-52616 (Closes: #1088111)
   * Bump Standards-Version to 4.7.3

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
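
The weakness quoted in the CVE-2024-52616 description (IDs seeded once, then incremented) and the fix named in the changelog ("Randomize transaction IDs in wide area queries"), shown side by side as an added example; this is not Avahi's code or the upstream patch. All function and type names are hypothetical, and the code assumes Linux `getrandom()`.

```c
/* Added illustration, not Avahi source; all names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/random.h> /* getrandom(): Linux, glibc >= 2.25 */

/* Fill one 16-bit ID from the kernel CSPRNG; 0 on success, -1 on failure. */
static int csprng_u16(uint16_t *out) {
    return getrandom(out, sizeof *out, 0) == (ssize_t)sizeof *out ? 0 : -1;
}

/* Pattern from the CVE text: random start value, then previous + 1. */
typedef struct { uint16_t next; } seq_ids;
static uint16_t seq_ids_take(seq_ids *g) { return g->next++; }

/* Count IDs equal to predecessor + 1 (mod 2^16). A result of n - 1 means
 * a single observed ID reveals every later one. */
static size_t successor_hits(const uint16_t *ids, size_t n) {
    size_t hits = 0;
    for (size_t i = 1; i < n; i++)
        if (ids[i] == (uint16_t)(ids[i - 1] + 1))
            hits++;
    return hits;
}

enum { SAMPLE = 64 };

/* Draw SAMPLE IDs: sequentially (randomized == 0) or one CSPRNG draw per
 * query (randomized != 0). Returns 0 on success. */
static int sample_ids(int randomized, uint16_t ids[SAMPLE]) {
    seq_ids g;
    if (csprng_u16(&g.next) != 0)   /* the one-time startup seed */
        return -1;
    for (size_t i = 0; i < SAMPLE; i++) {
        if (!randomized)
            ids[i] = seq_ids_take(&g);
        else if (csprng_u16(&ids[i]) != 0)
            return -1;
    }
    return 0;
}

int main(void) {
    uint16_t ids[SAMPLE];
    for (int r = 0; r <= 1 && sample_ids(r, ids) == 0; r++)
        printf("randomized=%d: %zu successor hits\n", r, successor_hits(ids, SAMPLE));
    return 0;
}
```

`successor_hits()` can serve as a regression check on captured query IDs. A resolver that draws random IDs should also make sure a new ID does not match one of its still-outstanding queries.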