avahi - Debian Package Tracker

general

source: avahi (main)
version: 0.8-14
maintainer: Utopia Maintenance Team (archive) (DMD)
uploaders: Sjoerd Simons [DMD] – Sebastian Dröge [DMD] – Michael Biebl [DMD] – Loic Minier [DMD]
arch: all any
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.7-4+deb10u1
o-o-sec: 0.7-4+deb10u3
oldstable: 0.8-5+deb11u2
old-sec: 0.8-5+deb11u3
stable: 0.8-10
testing: 0.8-15
unstable: 0.8-15

versioned links

0.7-4+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.7-4+deb10u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8-5+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8-5+deb11u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8-10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8-15: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

avahi-autoipd (6 bugs: 0, 4, 2, 0)
avahi-daemon (39 bugs: 0, 33, 6, 0)
avahi-discover
avahi-dnsconfd
avahi-ui-utils
avahi-utils (4 bugs: 0, 3, 1, 0)
gir1.2-avahi-0.6
libavahi-client-dev
libavahi-client3
libavahi-common-data
libavahi-common-dev
libavahi-common3
libavahi-compat-libdnssd-dev
libavahi-compat-libdnssd1
libavahi-core-dev
libavahi-core7
libavahi-glib-dev
libavahi-glib1
libavahi-gobject-dev
libavahi-gobject0
libavahi-ui-gtk3-0
libavahi-ui-gtk3-dev
python3-avahi

action needed

2 security issues in trixie high

There are 2 open security issues in trixie.

2 important issues:

CVE-2024-52615: A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
CVE-2024-52616: A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

Created: 2023-10-05 Last update: 2024-12-19 12:00

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2024-52615: A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
CVE-2024-52616: A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

Created: 2023-10-05 Last update: 2024-12-19 12:00

lintian reports 3 warnings high

Lintian reports 3 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2023-09-08 Last update: 2024-07-31 12:31

AppStream hints: 3 warnings normal

AppStream found metadata issues for packages:

avahi-discover: 1 warning
avahi-ui-utils: 2 warnings

You should get rid of them to provide more metadata about this software.

Created: 2020-06-01 Last update: 2022-06-06 08:33

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2024-52615: (needs triaging) A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
CVE-2024-52616: (needs triaging) A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

You can find information about how to handle these issues in the security team's documentation.

5 issues that should be fixed with the next stable update:

CVE-2023-38469: A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.
CVE-2023-38470: A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.
CVE-2023-38471: A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.
CVE-2023-38472: A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.
CVE-2023-38473: A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.

Created: 2023-10-05 Last update: 2024-12-19 12:00

debian/patches: 19 patches to forward upstream low

Among the 24 debian patches available in version 0.8-15 of the package, we noticed the following issues:

19 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2024-12-05 08:00

news

[rss feed]

[2024-12-10] avahi 0.8-15 MIGRATED to testing (Debian testing watch)
[2024-12-09] Accepted avahi 0.8-5+deb11u3 (source) into oldstable-security (Adrian Bunk)
[2024-12-04] Accepted avahi 0.8-15 (source) into unstable (Michael Biebl)
[2024-11-30] Accepted avahi 0.8-14 (source) into unstable (Michael Biebl)
[2023-11-13] avahi 0.8-13 MIGRATED to testing (Debian testing watch)
[2023-11-07] Accepted avahi 0.8-13 (source) into unstable (Simon McVittie)
[2023-10-25] avahi 0.8-12 MIGRATED to testing (Debian testing watch)
[2023-10-25] avahi 0.8-12 MIGRATED to testing (Debian testing watch)
[2023-10-20] Accepted avahi 0.8-12 (source) into unstable (Simon McVittie)
[2023-09-15] avahi 0.8-11 MIGRATED to testing (Debian testing watch)
[2023-09-07] Accepted avahi 0.8-11 (source) into unstable (Michael Biebl)
[2023-06-21] Accepted avahi 0.7-4+deb10u3 (source) into oldoldstable (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
[2023-05-02] Accepted avahi 0.7-4+deb10u2 (source amd64 all) into oldstable (Chris Lamb)
[2023-04-24] avahi 0.8-10 MIGRATED to testing (Debian testing watch)
[2023-04-19] Accepted avahi 0.8-10 (source) into unstable (Michael Biebl)
[2023-03-01] avahi 0.8-9 MIGRATED to testing (Debian testing watch)
[2023-02-18] Accepted avahi 0.8-9 (source) into unstable (Michael Biebl)
[2023-02-12] Accepted avahi 0.8-5+deb11u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Michael Biebl)
[2023-02-10] avahi 0.8-8 MIGRATED to testing (Debian testing watch)
[2023-02-05] Accepted avahi 0.8-8 (source) into unstable (Michael Biebl)
[2023-01-16] avahi 0.8-7 MIGRATED to testing (Debian testing watch)
[2023-01-10] Accepted avahi 0.8-7 (source) into unstable (Michael Biebl)
[2022-08-28] Accepted avahi 0.8-5+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters)
[2022-06-11] avahi 0.8-6 MIGRATED to testing (Debian testing watch)
[2022-06-07] Accepted avahi 0.6.32-2+deb9u1 (source) into oldoldstable (Markus Koschany)
[2022-06-05] Accepted avahi 0.8-6 (source) into unstable (Michael Biebl)
[2021-03-08] Accepted avahi 0.7-4+deb10u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Sjoerd Simons)
[2021-02-12] avahi 0.8-5 MIGRATED to testing (Debian testing watch)
[2021-02-06] Accepted avahi 0.8-5 (source) into unstable (Sjoerd Simons)
[2021-02-05] Accepted avahi 0.8-4 (source) into unstable (Sjoerd Simons)

bugs [bug history graph]

all: 53 54
RC: 0
I&N: 44
M&W: 9 10
F&P: 0
patch: 0

links

homepage
lintian (0, 3)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
l10n (-, 81)
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.8-14ubuntu1
164 bugs (5 patches)
patches for 0.8-14ubuntu1