This bug was fixed in the package avahi - 0.8-16ubuntu1
---------------
avahi (0.8-16ubuntu1) plucky; urgency=medium
* Merge with Debian unstable (LP: #2098794). Remaining changes:
- avahi-daemon-chroot-fix-bogus-assignments-in-assertions.patch,
avahi-client-fix-resource-leak.patch: Issues discovered by static
analysis (Upstream pull request #202)
- SECURITY UPDATE: Reachable assertions exist in domain functions in
avahi-common
+ debian/patches/CVE-2023-38470-2.patch: bail out when escaped
labels can't fit into ret
+ CVE-2023-38470
- SECURITY UPDATE: Reachable assertions exist in server functions in
avahi-core
+ debian/patches/CVE-2023-38471-2.patch: core: return errors from
avahi_server_set_host_name properly
+ CVE-2023-38471
* Dropped changes, no longer needed:
- Disable lto, see https://bugzilla.redhat.com/show_bug.cgi?id=1907727
[Fixed in 0.8-16]
avahi (0.8-16) unstable; urgency=medium
* Stop using embedded copy of sd-daemon.{c,h} and use libsystemd instead.
Fixes build failures with LTO enabled.
This adds a Build-Depends on libsystemd-dev on linux-any.
Patch cherry-picked from upstream Git.
avahi (0.8-15) unstable; urgency=medium
* Fix "Invalid service type" failures using an upstream patch.
The initial patch to address 'avahi-browse -a breaks with "Invalid service
type" if a device sends a malformed service' that was applied to Debian
was not accepted upstream but solved differently. Use that upstream patch
instead.
* Remove inactive Maintainers from Uploaders.
Thanks Loic and Sebastian!
* Add Origin metadata according to DEP-3 for patches that have been cherry
picked
-- Mateus Rodrigues de Morais <mateus.mor...@canonical.com> Tue, 18
Feb 2025 16:22:58 -0300
** Changed in: avahi (Ubuntu)
Status: Fix Committed => Fix Released
** Bug watch added: Red Hat Bugzilla #1907727
https://bugzilla.redhat.com/show_bug.cgi?id=1907727
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-38470
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-38471
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to avahi in Ubuntu.
https://bugs.launchpad.net/bugs/2098794
Title:
Please merge 0.8-16 into plucky
Status in avahi package in Ubuntu:
Fix Released
Bug description:
The upstream version 0.8-16 should be merged into plucky. The current
version is 0.8-14ubuntu1.
* PPA for review: https://launchpad.net/~mateus-
morais/+archive/ubuntu/plucky-merges
Note: this is a tracking bug
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/2098794/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
