Your message dated Sat, 04 Jan 2025 17:47:08 +0000
with message-id <e1tu8eu-006ptx...@fasolo.debian.org>
and subject line Bug#1054880: fixed in avahi 0.8-10+deb12u1
has caused the Debian Bug report #1054880,
regarding avahi: CVE-2023-38473
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1054880: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054880
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: avahi
Version: 0.8-12
Severity: important
Tags: security upstream
Forwarded: https://github.com/lathiat/avahi/issues/451
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for avahi.
CVE-2023-38473[0]:
| Reachable assertion in avahi_alternative_host_name
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-38473
https://www.cve.org/CVERecord?id=CVE-2023-38473
[1] https://github.com/lathiat/avahi/issues/451
[2] https://github.com/lathiat/avahi/pull/486
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: avahi
Source-Version: 0.8-10+deb12u1
Done: Adrian Bunk <b...@debian.org>
We believe that the bug you reported is fixed in the latest version of
avahi, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1054...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adrian Bunk <b...@debian.org> (supplier of updated avahi package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 19 Dec 2024 09:01:14 +0200
Source: avahi
Architecture: source
Version: 0.8-10+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Utopia Maintenance Team
<pkg-utopia-maintain...@lists.alioth.debian.org>
Changed-By: Adrian Bunk <b...@debian.org>
Closes: 1054876 1054877 1054878 1054879 1054880
Changes:
avahi (0.8-10+deb12u1) bookworm; urgency=medium
.
* Non-maintainer upload.
.
[ Michael Biebl ]
* core: make sure there is rdata to process before parsing it.
Patch cherry-picked from upstream Git.
(CVE-2023-38472, Closes: #1054879)
* core: reject overly long TXT resource records.
Patches cherry-picked from upstream Git.
(CVE-2023-38469, Closes: #1054876)
* Ensure each label is at least one byte long.
Patch cherry-picked from upstream Git.
(CVE-2023-38470, Closes: #1054877)
* core: extract host name using avahi_unescape_label()
Patch cherry-picked from upstream Git.
(CVE-2023-38471, Closes: #1054878)
* common: derive alternative host name from its unescaped version.
Patch cherry-picked from upstream Git.
(CVE-2023-38473, Closes: #1054880)
* Fix browsing when invalid services present.
See https://github.com/lathiat/avahi/issues/212
Checksums-Sha1:
be4bde27bdb8d9c01240955b78c03f1bf4112e4c 3933 avahi_0.8-10+deb12u1.dsc
969a50ae18c8d8e2288435a75666dd076e69852a 1591458 avahi_0.8.orig.tar.gz
5cc25122e3ee64a1264d954ff57e2dedb3f56b57 42832
avahi_0.8-10+deb12u1.debian.tar.xz
Checksums-Sha256:
807cf0a281a0e90207d05cd74dc2c9b5905458f3fe236fbf1bf6d246987dd874 3933
avahi_0.8-10+deb12u1.dsc
060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda 1591458
avahi_0.8.orig.tar.gz
16b564d442c919d9b731a3b04c4d11be8ff5e77e79db9eb692527e5acfb53966 42832
avahi_0.8-10+deb12u1.debian.tar.xz
Files:
96c4e9e428506a38e67435df04802123 3933 net optional avahi_0.8-10+deb12u1.dsc
229c6aa30674fc43c202b22c5f8c2be7 1591458 net optional avahi_0.8.orig.tar.gz
d434c240237802ce93788ece839c61cc 42832 net optional
avahi_0.8-10+deb12u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmd5QO8ACgkQiNJCh6LY
mLHG6hAAxWoR3jJ904p4D/Nt1V37HleadnQDRfJyJJZvC08116l/hotSg86BHbRL
SCdphR4Ku6NytioPENAsrqT1osXEfngYGyM/owH/YSHcgS7iMBm0gO1c53N7Q9/U
8VqZFEa44C61BaPMc4chYUWQqJy9EkZB1R8GzxUPD4SZ1Gm5ggqcfsE1MVK8T9sA
vMwQ5IkKryQVFQeVKDJWiDrgunutrkt83XI2nDx3Q6gw61irBUUfG8dHgXdWEx+x
YfUgmADusSrCwTpzxpX9opuoWwK5V2+Ni01rG+heyff2E+YvXl/cMb7oPqYRcc1a
YD9BVEmvEpZbIKvIl3RtQ5e2gplv3K3VVfFNlJiosMAzJ08jPGXhQnYz6Cg3QQ0Q
CaecvTZDJ/r50Ubzm/kYs03vDIu3+OscSwXEuZGxsDYt+HYTEYExivfzB4w6klIh
DePjpPzPgJ9ANm7D0IoCIhvzMoRLGOmHKg+2te0gVoNPVhHs8aK1adTMpdG1NuJ4
HvA2p93CSh7dcR7aRglgr4YPWkEyDu9zu+xBS9av8D/gE2Cr6agXXle+7quKgf/e
6jC4ct/eSx3Psg/+2q+EITciIbPenjIOZ0BHqzshqKWbbwOlQbWhhxE2Yx/Iy+Ns
4DbNd78ZXeUpENP/svuboDmioiOFVhzVSJ5jWeCeH8jaqLvmyc4=
=xckb
-----END PGP SIGNATURE-----
pgpOd0_P4H7TG.pgp
Description: PGP signature
--- End Message ---
_______________________________________________
Pkg-utopia-maintainers mailing list
Pkg-utopia-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-utopia-maintainers
