Control: tags -1 - moreinfo On Fri, Dec 20, 2024 at 07:33:42AM +0100, Salvatore Bonaccorso wrote: > Hi Adrian,
Hi Salvatore, > On Thu, Dec 19, 2024 at 09:24:22AM +0200, Adrian Bunk wrote: >... > > * Fix browsing when invalid services present. > > See https://github.com/lathiat/avahi/issues/212 >... > > 2. A question to the security team is whether the last item should > > get a CVE, there is some discussion in the upstream issue about > > that but apparently none has been assigned. > > Thanks for the pointer, will have a closer look. But it's not strictly > needed. It's crashing avahi-browse only, which would be in any case > minor (likely even more towards unimportant for us), but lets see from > Red Hat if they still aim to assign a CVE. Since there was not yet a resolution to your question upstream, I've uploaded it now to get both this fix and the other CVE fixes into the upcoming point release. If a CVE gets assigned later it won't be listed in the changelog, but that's not a real problem. > Regards, > Salvatore cu Adrian
