avahi - Debian Package Tracker

general

source: avahi (main)
version: 0.8-16
maintainer: Utopia Maintenance Team (archive) (DMD)
uploaders: Sjoerd Simons [DMD] – Michael Biebl [DMD]
arch: all any
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 0.8-5+deb11u2
old-sec: 0.8-5+deb11u3
stable: 0.8-10+deb12u1
testing: 0.8-16
unstable: 0.8-16

versioned links

0.8-5+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8-5+deb11u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8-10+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8-16: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

avahi-autoipd (6 bugs: 0, 4, 2, 0)
avahi-daemon (38 bugs: 0, 32, 6, 0)
avahi-discover
avahi-dnsconfd
avahi-ui-utils
avahi-utils (4 bugs: 0, 3, 1, 0)
gir1.2-avahi-0.6
libavahi-client-dev
libavahi-client3
libavahi-common-data
libavahi-common-dev
libavahi-common3
libavahi-compat-libdnssd-dev
libavahi-compat-libdnssd1
libavahi-core-dev
libavahi-core7
libavahi-glib-dev
libavahi-glib1
libavahi-gobject-dev
libavahi-gobject0
libavahi-ui-gtk3-0
libavahi-ui-gtk3-dev
python3-avahi

action needed

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2024-52615: A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
CVE-2024-52616: A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

Created: 2023-10-05 Last update: 2025-04-19 20:30

3 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 897237e857ceb02aa805411a4a13fb4be397e274
Author: Lukas Märdian <slyon@ubuntu.com>
Date:   Mon Mar 24 11:49:51 2025 +0100

    d/d/local-resolve-service: Reload avahi-daemon.service after installing a test service.

commit 182185d14b5ca8421a6d99b9e265e0f581d94ee9
Author: Lukas Märdian <slyon@ubuntu.com>
Date:   Mon Mar 24 11:49:24 2025 +0100

    d/t/local-resolve-service: Use trap to cleanup ephemeral files.

commit cfa77495b9c96a3d606ff61ae9fd5d3794018b07
Author: Lukas Märdian <slyon@ubuntu.com>
Date:   Thu Mar 20 10:35:20 2025 +0100

    d/t/local-resolve-service: Add non-superficial DEP-8 test, which validates
    
    resolving of mDNS .local domains and service discovery.

Created: 2025-03-24 Last update: 2025-07-26 18:00

lintian reports 4 warnings normal

Lintian reports 4 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-01-05 Last update: 2025-04-10 23:00

AppStream hints: 3 warnings normal

AppStream found metadata issues for packages:

avahi-discover: 1 warning
avahi-ui-utils: 2 warnings

You should get rid of them to provide more metadata about this software.

Created: 2020-06-01 Last update: 2022-06-06 08:33

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2024-52615: (needs triaging) A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
CVE-2024-52616: (needs triaging) A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-10-05 Last update: 2025-04-19 20:30

debian/patches: 20 patches to forward upstream low

Among the 25 debian patches available in version 0.8-16 of the package, we noticed the following issues:

20 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-01-05 06:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).

Created: 2025-02-21 Last update: 2025-02-27 13:25

news

[rss feed]

[2025-01-10] avahi 0.8-16 MIGRATED to testing (Debian testing watch)
[2025-01-04] Accepted avahi 0.8-16 (source) into unstable (Michael Biebl)
[2025-01-04] Accepted avahi 0.8-10+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Adrian Bunk)
[2024-12-10] avahi 0.8-15 MIGRATED to testing (Debian testing watch)
[2024-12-09] Accepted avahi 0.8-5+deb11u3 (source) into oldstable-security (Adrian Bunk)
[2024-12-04] Accepted avahi 0.8-15 (source) into unstable (Michael Biebl)
[2024-11-30] Accepted avahi 0.8-14 (source) into unstable (Michael Biebl)
[2023-11-13] avahi 0.8-13 MIGRATED to testing (Debian testing watch)
[2023-11-07] Accepted avahi 0.8-13 (source) into unstable (Simon McVittie)
[2023-10-25] avahi 0.8-12 MIGRATED to testing (Debian testing watch)
[2023-10-25] avahi 0.8-12 MIGRATED to testing (Debian testing watch)
[2023-10-20] Accepted avahi 0.8-12 (source) into unstable (Simon McVittie)
[2023-09-15] avahi 0.8-11 MIGRATED to testing (Debian testing watch)
[2023-09-07] Accepted avahi 0.8-11 (source) into unstable (Michael Biebl)
[2023-06-21] Accepted avahi 0.7-4+deb10u3 (source) into oldoldstable (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
[2023-05-02] Accepted avahi 0.7-4+deb10u2 (source amd64 all) into oldstable (Chris Lamb)
[2023-04-24] avahi 0.8-10 MIGRATED to testing (Debian testing watch)
[2023-04-19] Accepted avahi 0.8-10 (source) into unstable (Michael Biebl)
[2023-03-01] avahi 0.8-9 MIGRATED to testing (Debian testing watch)
[2023-02-18] Accepted avahi 0.8-9 (source) into unstable (Michael Biebl)
[2023-02-12] Accepted avahi 0.8-5+deb11u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Michael Biebl)
[2023-02-10] avahi 0.8-8 MIGRATED to testing (Debian testing watch)
[2023-02-05] Accepted avahi 0.8-8 (source) into unstable (Michael Biebl)
[2023-01-16] avahi 0.8-7 MIGRATED to testing (Debian testing watch)
[2023-01-10] Accepted avahi 0.8-7 (source) into unstable (Michael Biebl)
[2022-08-28] Accepted avahi 0.8-5+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters)
[2022-06-11] avahi 0.8-6 MIGRATED to testing (Debian testing watch)
[2022-06-07] Accepted avahi 0.6.32-2+deb9u1 (source) into oldoldstable (Markus Koschany)
[2022-06-05] Accepted avahi 0.8-6 (source) into unstable (Michael Biebl)
[2021-03-08] Accepted avahi 0.7-4+deb10u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Sjoerd Simons)

bugs [bug history graph]

all: 52 53
RC: 0
I&N: 43
M&W: 9 10
F&P: 0
patch: 0

links

homepage
lintian (0, 4)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
l10n (-, 81)
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.8-16ubuntu2
165 bugs (5 patches)
patches for 0.8-16ubuntu2