[Bug 2130121] Re: Merge avahi from Debian Unstable for resolute

Thu, 11 Dec 2025 12:10:30 -0800 

This bug was fixed in the package avahi - 0.8-17ubuntu1

---------------
avahi (0.8-17ubuntu1) resolute; urgency=medium

  * Merge with Debian unstable (LP: #2130121). Remaining changes:
    - avahi-daemon-chroot-fix-bogus-assignments-in-assertions.patch,
      avahi-client-fix-resource-leak.patch: Issues discovered by static
      analysis (Upstream pull request #202)
    - SECURITY UPDATE: Reachable assertions exist in domain functions in
      avahi-common
      + debian/patches/CVE-2023-38470-2.patch: bail out when escaped
        labels can't fit into ret
      + CVE-2023-38470
    - SECURITY UPDATE: Reachable assertions exist in server functions in
      avahi-core
      + debian/patches/CVE-2023-38471-2.patch: core: return errors from
        avahi_server_set_host_name properly
      + CVE-2023-38471
  * Dropped changes applied upstream:
    - d/t/local-resolve-service: Add non-superficial DEP-8 test, which validates
      resolving of mDNS .local domains and service discovery. (LP #2103699)

avahi (0.8-17) unstable; urgency=medium

  * Team upload

  [ Lukas Märdian ]
  * d/t/local-resolve-service: Add non-superficial DEP-8 test, which
    validates resolving of mDNS .local domains and service discovery

  [ Simon McVittie ]
  * d/control: Build-depend on gobject-introspection, gir1.2-*-dev.
    libgirepository1.0-dev is non-multiarch-friendly and should be phased
    out during the forky cycle.
  * Add patch from upstream 0.9-rc2 to turn off wide-area by default.
    (Mitigates: CVE-2024-52615, CVE-2024-52616, #1088110, #1088111)
  * Standards-Version: 4.7.2 (no changes required)

 -- Ural Tunaboyu <[email protected]>  Tue, 02 Dec 2025
16:15:49 -0800

** Changed in: avahi (Ubuntu)
       Status: New => Fix Released

** CVE added: https://cve.org/CVERecord?id=CVE-2023-38470

** CVE added: https://cve.org/CVERecord?id=CVE-2023-38471

** CVE added: https://cve.org/CVERecord?id=CVE-2024-52615

** CVE added: https://cve.org/CVERecord?id=CVE-2024-52616

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2130121

Title:
  Merge avahi from Debian Unstable for resolute

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/2130121/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to