diff -Nru avahi-0.7/debian/changelog avahi-0.7/debian/changelog
--- avahi-0.7/debian/changelog 2019-01-30 15:32:00.000000000 +0000
+++ avahi-0.7/debian/changelog 2021-07-06 15:39:41.000000000 +0000
@@ -1,3 +1,12 @@
+avahi (0.7-3.1ubuntu1.3) bionic-security; urgency=medium
+
+ * SECURITY UPDATE: DoS via infinite loop on local socket
+ - debian/patches/CVE-2021-3468.patch: handle HUP event in
+ avahi-daemon/simple-protocol.c.
+ - CVE-2021-3468
+
+ -- Marc Deslauriers Tue, 06 Jul 2021 11:39:41 -0400
+
 avahi (0.7-3.1ubuntu1.2) bionic-security; urgency=medium
 
 * SECURITY UPDATE: Denial of service
diff -Nru avahi-0.7/debian/patches/CVE-2021-3468.patch avahi-0.7/debian/patches/CVE-2021-3468.patch
--- avahi-0.7/debian/patches/CVE-2021-3468.patch 1970-01-01 00:00:00.000000000 +0000
+++ avahi-0.7/debian/patches/CVE-2021-3468.patch 2021-07-06 15:39:36.000000000 +0000
@@ -0,0 +1,37 @@
+From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001
+From: Riccardo Schirone
+Date: Fri, 26 Mar 2021 11:50:24 +0100
+Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in
+ client_work
+
+If a client fills the input buffer, client_work() disables the
+AVAHI_WATCH_IN event, thus preventing the function from executing the
+`read` syscall the next times it is called. However, if the client then
+terminates the connection, the socket file descriptor receives a HUP
+event, which is not handled, thus the kernel keeps marking the HUP event
+as occurring. While iterating over the file descriptors that triggered
+an event, the client file descriptor will keep having the HUP event and
+the client_work() function is always called with AVAHI_WATCH_HUP but
+without nothing being done, thus entering an infinite loop.
+
+See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938
+---
+ avahi-daemon/simple-protocol.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c
+index 3e0ebb11..6c0274d6 100644
+--- a/avahi-daemon/simple-protocol.c
++++ b/avahi-daemon/simple-protocol.c
+@@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv
+ }
+ }
+
++ if (events & AVAHI_WATCH_HUP) {
++ client_free(c);
++ return;
++ }
++
+ c->server->poll_api->watch_update(
+ watch,
+ (c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) |
diff -Nru avahi-0.7/debian/patches/series avahi-0.7/debian/patches/series
--- avahi-0.7/debian/patches/series 2019-01-30 15:31:54.000000000 +0000
+++ avahi-0.7/debian/patches/series 2021-07-06 15:39:36.000000000 +0000
@@ -4,3 +4,4 @@
 no-systemd-also.patch
 local-only-services-support.patch
 CVE-2017-6519-and-CVE-2018-1000845.patch
+CVE-2021-3468.patch
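Review bot: The guard added to client_work() in debian/patches/CVE-2021-3468.patch frees the client only on AVAHI_WATCH_HUP, but poll() reports error conditions the same way, whether or not they were requested. If AVAHI_WATCH_ERR can arrive while AVAHI_WATCH_IN is disabled and the output buffer is empty (the state the commit message describes), the same busy loop looks possible. Consider `if (events & (AVAHI_WATCH_HUP | AVAHI_WATCH_ERR)) {` together with a comment such as `/* Peer is gone or the socket failed: free the client, otherwise the event stays pending and the main loop spins. */`. The read and write handling above the guard lies outside the hunk, so confirm there whether an error event is already consumed. The `return` right after `client_free(c)` should stay, since the `watch_update()` call below dereferences `c`.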