-
avahi (0.7-4ubuntu7.3) focal-security; urgency=medium
* SECURITY UPDATE: Reachable assertions exist in server functions of
avahi-core
- debian/patches/CVE-2023-38469-1.patch: reject overly long TXT
resource records
- debian/patches/CVE-2023-38469-2.patch: tests: pass overly long TXT
resource records
- CVE-2023-38469
* SECURITY UPDATE: Reachable assertions exist in domain functions in
avahi-common
- debian/patches/CVE-2023-38470-1.patch: Ensure each label is at least
one byte long
- debian/patches/CVE-2023-38470-2.patch: bail out when escaped labels
can't fit into ret
- CVE-2023-38470
* SECURITY UPDATE: Reachable assertions exist in server functions in
avahi-core
- debian/patches/CVE-2023-38471-1.patch: core: extract host name using
avahi_unescape_label()
- debian/patches/CVE-2023-38471-2.patch: core: return errors from
avahi_server_set_host_name properly
- CVE-2023-38471
* SECURITY UPDATE: Reachable assertions exist in dbus functions in
avahi-daemon
- debian/patches/CVE-2023-38472.patch: core: make sure there is rdata
to process before parsing it
- CVE-2023-38472
* SECURITY UPDATE: Reachable assertions exist in alternative functions
in avahi-common
- debian/patches/CVE-2023-38473.patch: common: derive alternative host
name from its unescaped version
- CVE-2023-38473
-- Nick Galanis <email address hidden> Thu, 16 Nov 2023 15:26:56 +0000
-
avahi (0.7-4ubuntu7.2) focal-security; urgency=medium
* SECURITY UPDATE: avahi-daemon can be crashed via DBus
- debian/patches/CVE-2023-1981.patch: emit error if requested service
is not found in avahi-daemon/dbus-protocol.c.
- CVE-2023-1981
-- Marc Deslauriers <email address hidden> Wed, 31 May 2023 09:59:47 -0400
-
avahi (0.7-4ubuntu7.1) focal-security; urgency=medium
* SECURITY UPDATE: DoS via infinite loop on local socket
- debian/patches/CVE-2021-3468.patch: handle HUP event in
avahi-daemon/simple-protocol.c.
- CVE-2021-3468
-- Marc Deslauriers <email address hidden> Tue, 06 Jul 2021 11:39:14 -0400
-
avahi (0.7-4ubuntu7) focal; urgency=medium
* Remove avahi-daemon-check-dns.sh hack, the feature is provided by
libnss-mdns now (lp: #1870824)
* debian/patches/local-only-services-support.patch:
- replaced by the upstream commited version, part of the code which
was there to workaround a ippusbxd issue has been removed since
the problem has been resolved in cups now
-- Sebastien Bacher <email address hidden> Wed, 08 Apr 2020 13:43:27 +0200
-
avahi (0.7-4ubuntu6) focal; urgency=medium
* No-change rebuild to generate dependencies on python2.
-- Matthias Klose <email address hidden> Tue, 17 Dec 2019 12:30:55 +0000
-
avahi (0.7-4ubuntu5) disco; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-6519-and-CVE-2018-1000845.patch:
fix in avahi-core/server.c.
- CVE-2017-6519
- CVE-2018-1000845
-- <email address hidden> (Leonidas S. Barbosa) Wed, 30 Jan 2019 12:33:23 -0300
