Debian Package Tracker
Register | Log in
Subscribe

avahi

Choose email to subscribe with

general
  • source: avahi (main)
  • version: 0.8-6
  • maintainer: Utopia Maintenance Team (archive) (DMD)
  • uploaders: Loic Minier [DMD] – Michael Biebl [DMD] – Sebastian Dröge [DMD] – Sjoerd Simons [DMD]
  • arch: all any
  • std-ver: 4.6.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 0.6.32-2
  • o-o-sec: 0.6.32-2+deb9u1
  • oldstable: 0.7-4+deb10u1
  • stable: 0.8-5
  • testing: 0.8-6
  • unstable: 0.8-6
versioned links
  • 0.6.32-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.6.32-2+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.7-4+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.8-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.8-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • avahi-autoipd (6 bugs: 0, 4, 2, 0)
  • avahi-daemon (46 bugs: 0, 36, 10, 0)
  • avahi-discover
  • avahi-dnsconfd
  • avahi-ui-utils (1 bugs: 0, 1, 0, 0)
  • avahi-utils (3 bugs: 0, 3, 0, 0)
  • gir1.2-avahi-0.6
  • libavahi-client-dev
  • libavahi-client3
  • libavahi-common-data
  • libavahi-common-dev
  • libavahi-common3
  • libavahi-compat-libdnssd-dev
  • libavahi-compat-libdnssd1
  • libavahi-core-dev
  • libavahi-core7
  • libavahi-glib-dev
  • libavahi-glib1
  • libavahi-gobject-dev
  • libavahi-gobject0
  • libavahi-ui-gtk3-0
  • libavahi-ui-gtk3-dev
  • python3-avahi
action needed
1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:
  • CVE-2021-3468: A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.
Created: 2022-07-04 Last update: 2022-08-08 18:31
1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:
  • CVE-2021-3468: A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.
Created: 2022-07-04 Last update: 2022-08-08 18:31
lintian reports 18 warnings high
Lintian reports 18 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2021-04-11 Last update: 2022-07-30 12:12
1 bug tagged patch in the BTS normal
The BTS contains patches fixing 1 bug, consider including or untagging them.
Created: 2022-07-27 Last update: 2022-08-20 05:32
Does not build reproducibly during testing normal
A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!
Created: 2022-06-11 Last update: 2022-08-20 03:05
1 new commit since last upload, is it time to release? normal
vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:
commit 50d86df4bd2c8b3033f80812938689ba81be8932
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Wed Feb 2 20:39:00 2022 +0000

    Remove constraints unnecessary since buster
    
    * Build-Depends: Drop versioned constraint on intltool, libcap-dev, libdaemon-dev, libdbus-1-dev and libglib2.0-dev.
    * avahi-daemon: Drop versioned constraint on libnss-mdns in Recommends.
    * libavahi-client-dev: Drop versioned constraint on libdbus-1-dev in Depends.
    * libavahi-compat-libdnssd1: Drop versioned constraint on libnss-mdns in Recommends.
    * Remove 3 maintscript entries from 2 files.
    
    Changes-By: deb-scrub-obsolete
Created: 2022-01-30 Last update: 2022-08-16 19:36
AppStream hints: 3 warnings normal
AppStream found metadata issues for packages:
  • avahi-discover: 1 warning
  • avahi-ui-utils: 2 warnings
You should get rid of them to provide more metadata about this software.
Created: 2020-06-01 Last update: 2022-06-06 08:33
1 low-priority security issue in bullseye low

There is 1 open security issue in bullseye.

1 issue left for the package maintainer to handle:
  • CVE-2021-3468: (needs triaging) A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.

You can find information about how to handle this issue in the security team's documentation.

1 issue that should be fixed with the next stable update:
  • CVE-2021-3502: A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.
Created: 2022-07-04 Last update: 2022-08-08 18:31
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.6.0).
Created: 2020-11-17 Last update: 2022-06-06 02:40
news
[rss feed]
  • [2022-06-11] avahi 0.8-6 MIGRATED to testing (Debian testing watch)
  • [2022-06-07] Accepted avahi 0.6.32-2+deb9u1 (source) into oldoldstable (Markus Koschany)
  • [2022-06-05] Accepted avahi 0.8-6 (source) into unstable (Michael Biebl)
  • [2021-03-08] Accepted avahi 0.7-4+deb10u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Sjoerd Simons)
  • [2021-02-12] avahi 0.8-5 MIGRATED to testing (Debian testing watch)
  • [2021-02-06] Accepted avahi 0.8-5 (source) into unstable (Sjoerd Simons)
  • [2021-02-05] Accepted avahi 0.8-4 (source) into unstable (Sjoerd Simons)
  • [2020-05-31] avahi 0.8-3 MIGRATED to testing (Debian testing watch)
  • [2020-05-26] Accepted avahi 0.8-3 (source) into unstable (Simon McVittie)
  • [2020-05-25] Accepted avahi 0.8-2 (all amd64 i386 source) into experimental, experimental (Debian FTP Masters) (signed by: Simon McVittie)
  • [2020-05-13] avahi 0.8-1 MIGRATED to testing (Debian testing watch)
  • [2020-05-07] Accepted avahi 0.8-1 (source) into unstable (Simon McVittie)
  • [2019-12-19] avahi 0.7-5 MIGRATED to testing (Debian testing watch)
  • [2019-12-13] Accepted avahi 0.7-5 (source) into unstable (Simon McVittie)
  • [2018-05-03] avahi 0.7-4 MIGRATED to testing (Debian testing watch)
  • [2018-04-27] Accepted avahi 0.7-4 (source) into unstable (Simon McVittie)
  • [2018-02-16] avahi 0.7-3.1 MIGRATED to testing (Debian testing watch)
  • [2018-02-02] Accepted avahi 0.7-3.1 (source) into unstable (Gianfranco Costamagna)
  • [2017-09-24] avahi 0.7-3 MIGRATED to testing (Debian testing watch)
  • [2017-09-18] Accepted avahi 0.7-3 (source) into unstable (Michael Biebl)
  • [2017-09-18] Accepted avahi 0.7-2 (source amd64 all) into unstable, unstable (Michael Biebl)
  • [2017-09-17] Accepted avahi 0.7-1 (source) into unstable (Michael Biebl)
  • [2017-02-03] avahi 0.6.32-2 MIGRATED to testing (Debian testing watch)
  • [2017-01-23] Accepted avahi 0.6.32-2 (source) into unstable (Michael Biebl)
  • [2016-07-03] avahi 0.6.32-1 MIGRATED to testing (Debian testing watch)
  • [2016-06-27] Accepted avahi 0.6.32-1 (source) into unstable (Michael Biebl)
  • [2015-11-10] avahi 0.6.32~rc+dfsg-1 MIGRATED to testing (Britney)
  • [2015-11-04] Accepted avahi 0.6.32~rc+dfsg-1 (source amd64 all) into unstable (Laurent Bigonville)
  • [2015-04-18] avahi 0.6.31-5 MIGRATED to testing (Britney)
  • [2015-04-13] Accepted avahi 0.6.31-5 (source amd64 all) into unstable (Michael Biebl)
  • 1
  • 2
bugs [bug history graph]
  • all: 57 59
  • RC: 0
  • I&N: 46
  • M&W: 11 13
  • F&P: 0
  • patch: 1
links
  • homepage
  • lintian (0, 18)
  • buildd: logs, clang, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • l10n (-, 81)
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 0.8-5ubuntu5
  • 157 bugs (5 patches)
  • patches for 0.8-5ubuntu5

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing