Bug#990900: avahi: CVE-2021-36217

[Salvatore Bonaccorso]

Control: retitle 990900 avahi: CVE-2021-3502
Control: forcemerge 986018 990900

On Sat, Jul 10, 2021 at 11:22:51PM +0200, Salvatore Bonaccorso wrote:
> Source: avahi
> Version: 0.8-5
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team 
> 
> 
> Hi,
> 
> The following vulnerability was published for avahi.
> 
> CVE-2021-36217[0]:
> | Avahi 0.8 allows a local denial of service (NULL pointer dereference
> | and daemon crash) against avahi-daemon via the D-Bus interface or a
> | "ping .local" command.
> 
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2021-36217
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36217
> [1] https://bugzilla.suse.com/show_bug.cgi?id=1188083

This issue is actually a duplicate of CVE-2021-3502. CVE-2021-36217
got rejected.

Regards,
Salvatore

Bug#990900: avahi: CVE-2021-36217

[Salvatore Bonaccorso]

Source: avahi
Version: 0.8-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for avahi.

CVE-2021-36217[0]:
| Avahi 0.8 allows a local denial of service (NULL pointer dereference
| and daemon crash) against avahi-daemon via the D-Bus interface or a
| "ping .local" command.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-36217
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36217
[1] https://bugzilla.suse.com/show_bug.cgi?id=1188083

Regards,
Salvatore