Public bug reported:
Scheduled-For: ubuntu-25.11
Ubuntu: 0.8-16ubuntu3
Debian Unstable: 0.8-17
A new release of avahi is available for merging from Debian Unstable.
If it turns out this needs a sync rather than a merge, please change the
tagging from ['dcr-merge'] to ['dcr-sync'], and (optionally) update the
title as desired.
### New Debian Changes ###
avahi (0.8-17) unstable; urgency=medium
* Team upload
[ Lukas Märdian ]
* d/t/local-resolve-service: Add non-superficial DEP-8 test, which
validates resolving of mDNS .local domains and service discovery
[ Simon McVittie ]
* d/control: Build-depend on gobject-introspection, gir1.2-*-dev.
libgirepository1.0-dev is non-multiarch-friendly and should be phased
out during the forky cycle.
* Add patch from upstream 0.9-rc2 to turn off wide-area by default.
(Mitigates: CVE-2024-52615, CVE-2024-52616, #1088110, #1088111)
* Standards-Version: 4.7.2 (no changes required)
-- Simon McVittie <[email protected]> Tue, 09 Sep 2025 10:24:58 +0100
### Old Ubuntu Delta ###
avahi (0.8-16ubuntu3) questing; urgency=medium
* Rebuild to include updated RISC-V base ISA RVA23
-- Heinrich Schuchardt <[email protected]> Wed, 03 Sep
2025 15:02:42 +0000
avahi (0.8-16ubuntu2) plucky; urgency=medium
* d/t/local-resolve-service: Add non-superficial DEP-8 test, which validates
resolving of mDNS .local domains and service discovery. (LP: #2103699)
-- Lukas Märdian <[email protected]> Thu, 20 Mar 2025 10:56:21 +0100
avahi (0.8-16ubuntu1) plucky; urgency=medium
* Merge with Debian unstable (LP: #2098794). Remaining changes:
- avahi-daemon-chroot-fix-bogus-assignments-in-assertions.patch,
avahi-client-fix-resource-leak.patch: Issues discovered by static
analysis (Upstream pull request #202)
- SECURITY UPDATE: Reachable assertions exist in domain functions in
avahi-common
+ debian/patches/CVE-2023-38470-2.patch: bail out when escaped
labels can't fit into ret
+ CVE-2023-38470
- SECURITY UPDATE: Reachable assertions exist in server functions in
avahi-core
+ debian/patches/CVE-2023-38471-2.patch: core: return errors from
avahi_server_set_host_name properly
+ CVE-2023-38471
* Dropped changes, no longer needed:
- Disable lto, see https://bugzilla.redhat.com/show_bug.cgi?id=1907727
[Fixed in 0.8-16]
-- Mateus Rodrigues de Morais <[email protected]> Tue, 18
Feb 2025 16:22:58 -0300
** Affects: avahi (Ubuntu)
Importance: Undecided
Status: New
** Tags: dcr-merge
** Changed in: avahi (Ubuntu)
Milestone: None => ubuntu-25.11
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2130121
Title:
Merge avahi from Debian Unstable for resolute
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/2130121/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
