Change logs for avahi source package in Jammy

  • avahi (0.8-5ubuntu5.2) jammy-security; urgency=medium
    
      * SECURITY UPDATE: Reachable assertions exist in server functions of
        avahi-core
        - debian/patches/CVE-2023-38469-1.patch: reject overly long TXT
          resource records
        - debian/patches/CVE-2023-38469-2.patch: tests: pass overly long TXT
          resource records
        - CVE-2023-38469
    
      * SECURITY UPDATE: Reachable assertions exist in domain functions in
        avahi-common
        - debian/patches/CVE-2023-38470-1.patch: Ensure each label is at least
          one byte long
        - debian/patches/CVE-2023-38470-2.patch: bail out when escaped labels
          can't fit into ret
        - CVE-2023-38470
    
      * SECURITY UPDATE: Reachable assertions exist in server functions in
        avahi-core
        - debian/patches/CVE-2023-38471-1.patch: core: extract host name using
          avahi_unescape_label()
        - debian/patches/CVE-2023-38471-2.patch: core: return errors from
          avahi_server_set_host_name properly
        - CVE-2023-38471
    
      * SECURITY UPDATE: Reachable assertions exist in dbus functions in
        avahi-daemon
        - debian/patches/CVE-2023-38472.patch: core: make sure there is rdata
          to process before parsing it
        - CVE-2023-38472
    
      * SECURITY UPDATE: Reachable assertions exist in alternative functions
        in avahi-common
        - debian/patches/CVE-2023-38473.patch: common: derive alternative host
          name from its unescaped version
        - CVE-2023-38473
    
     -- Nick Galanis <email address hidden>  Thu, 16 Nov 2023 16:37:03 +0000
  • avahi (0.8-5ubuntu5.1) jammy-security; urgency=medium
    
      * SECURITY UPDATE: avahi-daemon can be crashed via DBus
        - debian/patches/CVE-2023-1981.patch: emit error if requested service
          is not found in avahi-daemon/dbus-protocol.c.
        - CVE-2023-1981
    
     -- Marc Deslauriers <email address hidden>  Wed, 31 May 2023 09:57:11 -0400
  • avahi (0.8-5ubuntu5) jammy; urgency=medium
    
      * No-change rebuild for ppc64el baseline bump.
    
     -- Ɓukasz 'sil2100' Zemczak <email address hidden>  Wed, 23 Mar 2022 10:42:05 +0100
  • avahi (0.8-5ubuntu4) impish; urgency=medium
    
      * SECURITY UPDATE: DoS in avahi_s_host_name_resolver_start
        - debian/patches/CVE-2021-3502.patch: fix multiple null pointer crashes
          in avahi-core/browse-dns-server.c, avahi-core/browse-domain.c,
          avahi-core/browse-service-type.c, avahi-core/browse-service.c,
          avahi-core/browse.c, avahi-core/resolve-address.c,
          avahi-core/resolve-host-name.c, avahi-core/resolve-service.c.
        - CVE-2021-3502
    
     -- Marc Deslauriers <email address hidden>  Tue, 06 Jul 2021 10:13:47 -0400