diff -Nru avahi-0.8/debian/changelog avahi-0.8/debian/changelog
--- avahi-0.8/debian/changelog	2022-03-23 09:42:05.000000000 +0000
+++ avahi-0.8/debian/changelog	2023-05-31 13:57:11.000000000 +0000
@@ -1,3 +1,12 @@
+avahi (0.8-5ubuntu5.1) jammy-security; urgency=medium
+
+  * SECURITY UPDATE: avahi-daemon can be crashed via DBus
+    - debian/patches/CVE-2023-1981.patch: emit error if requested service
+      is not found in avahi-daemon/dbus-protocol.c.
+    - CVE-2023-1981
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 31 May 2023 09:57:11 -0400
+
 avahi (0.8-5ubuntu5) jammy; urgency=medium
 
   * No-change rebuild for ppc64el baseline bump.
diff -Nru avahi-0.8/debian/patches/CVE-2023-1981.patch avahi-0.8/debian/patches/CVE-2023-1981.patch
--- avahi-0.8/debian/patches/CVE-2023-1981.patch	1970-01-01 00:00:00.000000000 +0000
+++ avahi-0.8/debian/patches/CVE-2023-1981.patch	2023-05-31 13:57:06.000000000 +0000
@@ -0,0 +1,53 @@
+From a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Thu, 17 Nov 2022 01:51:53 +0100
+Subject: [PATCH] Emit error if requested service is not found
+
+It currently just crashes instead of replying with error. Check return
+value and emit error instead of passing NULL pointer to reply.
+
+Fixes #375
+---
+ avahi-daemon/dbus-protocol.c | 20 ++++++++++++++------
+ 1 file changed, 14 insertions(+), 6 deletions(-)
+
+diff --git a/avahi-daemon/dbus-protocol.c b/avahi-daemon/dbus-protocol.c
+index 70d7687bc..406d0b441 100644
+--- a/avahi-daemon/dbus-protocol.c
++++ b/avahi-daemon/dbus-protocol.c
+@@ -375,10 +375,14 @@ static DBusHandlerResult dbus_get_alternative_host_name(DBusConnection *c, DBusM
+     }
+ 
+     t = avahi_alternative_host_name(n);
+-    avahi_dbus_respond_string(c, m, t);
+-    avahi_free(t);
++    if (t) {
++        avahi_dbus_respond_string(c, m, t);
++        avahi_free(t);
+ 
+-    return DBUS_HANDLER_RESULT_HANDLED;
++        return DBUS_HANDLER_RESULT_HANDLED;
++    } else {
++        return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Hostname not found");
++    }
+ }
+ 
+ static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DBusMessage *m, DBusError *error) {
+@@ -389,10 +393,14 @@ static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DB
+     }
+ 
+     t = avahi_alternative_service_name(n);
+-    avahi_dbus_respond_string(c, m, t);
+-    avahi_free(t);
++    if (t) {
++        avahi_dbus_respond_string(c, m, t);
++        avahi_free(t);
+ 
+-    return DBUS_HANDLER_RESULT_HANDLED;
++        return DBUS_HANDLER_RESULT_HANDLED;
++    } else {
++        return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Service not found");
++    }
+ }
+ 
+ static DBusHandlerResult dbus_create_new_entry_group(DBusConnection *c, DBusMessage *m, DBusError *error) {
diff -Nru avahi-0.8/debian/patches/series avahi-0.8/debian/patches/series
--- avahi-0.8/debian/patches/series	2021-07-06 14:13:44.000000000 +0000
+++ avahi-0.8/debian/patches/series	2023-05-31 13:57:06.000000000 +0000
@@ -11,3 +11,4 @@
 avahi-client-fix-resource-leak.patch
 avoid-infinite-loop-in-avahi-daemon-by-handling-hup-event-in-client-work.patch
 CVE-2021-3502.patch
+CVE-2023-1981.patch