-
avahi (0.8-5ubuntu5.2) jammy-security; urgency=medium
* SECURITY UPDATE: Reachable assertions exist in server functions of
avahi-core
- debian/patches/CVE-2023-38469-1.patch: reject overly long TXT
resource records
- debian/patches/CVE-2023-38469-2.patch: tests: pass overly long TXT
resource records
- CVE-2023-38469
* SECURITY UPDATE: Reachable assertions exist in domain functions in
avahi-common
- debian/patches/CVE-2023-38470-1.patch: Ensure each label is at least
one byte long
- debian/patches/CVE-2023-38470-2.patch: bail out when escaped labels
can't fit into ret
- CVE-2023-38470
* SECURITY UPDATE: Reachable assertions exist in server functions in
avahi-core
- debian/patches/CVE-2023-38471-1.patch: core: extract host name using
avahi_unescape_label()
- debian/patches/CVE-2023-38471-2.patch: core: return errors from
avahi_server_set_host_name properly
- CVE-2023-38471
* SECURITY UPDATE: Reachable assertions exist in dbus functions in
avahi-daemon
- debian/patches/CVE-2023-38472.patch: core: make sure there is rdata
to process before parsing it
- CVE-2023-38472
* SECURITY UPDATE: Reachable assertions exist in alternative functions
in avahi-common
- debian/patches/CVE-2023-38473.patch: common: derive alternative host
name from its unescaped version
- CVE-2023-38473
-- Nick Galanis <email address hidden> Thu, 16 Nov 2023 16:37:03 +0000
-
avahi (0.8-5ubuntu5.1) jammy-security; urgency=medium
* SECURITY UPDATE: avahi-daemon can be crashed via DBus
- debian/patches/CVE-2023-1981.patch: emit error if requested service
is not found in avahi-daemon/dbus-protocol.c.
- CVE-2023-1981
-- Marc Deslauriers <email address hidden> Wed, 31 May 2023 09:57:11 -0400
-
avahi (0.8-5ubuntu5) jammy; urgency=medium
* No-change rebuild for ppc64el baseline bump.
-- Ćukasz 'sil2100' Zemczak <email address hidden> Wed, 23 Mar 2022 10:42:05 +0100
-
avahi (0.8-5ubuntu4) impish; urgency=medium
* SECURITY UPDATE: DoS in avahi_s_host_name_resolver_start
- debian/patches/CVE-2021-3502.patch: fix multiple null pointer crashes
in avahi-core/browse-dns-server.c, avahi-core/browse-domain.c,
avahi-core/browse-service-type.c, avahi-core/browse-service.c,
avahi-core/browse.c, avahi-core/resolve-address.c,
avahi-core/resolve-host-name.c, avahi-core/resolve-service.c.
- CVE-2021-3502
-- Marc Deslauriers <email address hidden> Tue, 06 Jul 2021 10:13:47 -0400