Hi Adrian, On Sat, Jan 04, 2025 at 05:12:40PM +0200, Adrian Bunk wrote: > Control: tags -1 - moreinfo > > On Fri, Dec 20, 2024 at 07:33:42AM +0100, Salvatore Bonaccorso wrote: > > Hi Adrian, > > Hi Salvatore, > > > On Thu, Dec 19, 2024 at 09:24:22AM +0200, Adrian Bunk wrote: > >... > > > * Fix browsing when invalid services present. > > > See https://github.com/lathiat/avahi/issues/212 > >... > > > 2. A question to the security team is whether the last item should > > > get a CVE, there is some discussion in the upstream issue about > > > that but apparently none has been assigned. > > > > Thanks for the pointer, will have a closer look. But it's not strictly > > needed. It's crashing avahi-browse only, which would be in any case > > minor (likely even more towards unimportant for us), but lets see from > > Red Hat if they still aim to assign a CVE. > > Since there was not yet a resolution to your question upstream, > I've uploaded it now to get both this fix and the other CVE fixes > into the upcoming point release. > > If a CVE gets assigned later it won't be listed in the changelog, > but that's not a real problem.
absolutely, thanks for the upload! I do not even think it warrants a CVE, but in case someone follows up on the question and one get assigned we always can retrospectively update the data. So fully agree with you that you uploaded the diff as proposed. Regards, Salvatore
