Control: forwarded -1 https://github.com/avahi/avahi/pull/662
Control: tags -1 + fixed-upstream

Hi,

On Sat, Nov 23, 2024 at 02:23:34PM +0100, Salvatore Bonaccorso wrote:
> Source: avahi
> Version: 0.8-13
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
> Control: found -1 0.8-10
>
> Hi,
>
> The following vulnerability was published for avahi.
>
> Filing for having a tracker reference.
>
> CVE-2024-52615[0]:
> | A flaw was found in Avahi-daemon, which relies on fixed source ports
> | for wide-area DNS queries. This issue simplifies attacks where
> | malicious DNS responses are injected.
>
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2024-52615
>     https://www.cve.org/CVERecord?id=CVE-2024-52615
> [1] https://github.com/avahi/avahi/security/advisories/GHSA-x6vp-f33h-h32g

Appears that this got fixed upstream, cf.
https://github.com/avahi/avahi/pull/662 and
https://github.com/avahi/avahi/commit/4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942 .

Regards,
Salvatore