avahi - Debian Package Tracker

general

source: avahi (main)
version: 0.8-13
maintainer: Utopia Maintenance Team (archive) (DMD)
uploaders: Sjoerd Simons [DMD] – Sebastian Dröge [DMD] – Michael Biebl [DMD] – Loic Minier [DMD]
arch: all any
std-ver: 4.6.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.7-4+deb10u1
o-o-sec: 0.7-4+deb10u3
oldstable: 0.8-5+deb11u2
stable: 0.8-10
testing: 0.8-13
unstable: 0.8-13

versioned links

0.7-4+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.7-4+deb10u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8-5+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8-10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8-13: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

avahi-autoipd (7 bugs: 0, 4, 3, 0)
avahi-daemon (47 bugs: 0, 37, 10, 0)
avahi-discover
avahi-dnsconfd
avahi-ui-utils
avahi-utils (4 bugs: 0, 3, 1, 0)
gir1.2-avahi-0.6
libavahi-client-dev
libavahi-client3
libavahi-common-data
libavahi-common-dev
libavahi-common3
libavahi-compat-libdnssd-dev
libavahi-compat-libdnssd1
libavahi-core-dev
libavahi-core7
libavahi-glib-dev
libavahi-glib1
libavahi-gobject-dev
libavahi-gobject0
libavahi-ui-gtk3-0
libavahi-ui-gtk3-dev
python3-avahi

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In watchfile debian/watch, reading webpage
  https://avahi.org/download/ failed: 404 Not Found

Created: 2023-12-09 Last update: 2024-11-23 19:01

7 security issues in trixie high

There are 7 open security issues in trixie.

7 important issues:

CVE-2023-38469: A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.
CVE-2023-38470: A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.
CVE-2023-38471: A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.
CVE-2023-38472: A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.
CVE-2023-38473: A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.
CVE-2024-52615: A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
CVE-2024-52616: A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

Created: 2023-10-05 Last update: 2024-11-23 16:31

7 security issues in sid high

There are 7 open security issues in sid.

7 important issues:

CVE-2023-38469: A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.
CVE-2023-38470: A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.
CVE-2023-38471: A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.
CVE-2023-38472: A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.
CVE-2023-38473: A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.
CVE-2024-52615: A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
CVE-2024-52616: A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

Created: 2023-10-05 Last update: 2024-11-23 16:31

lintian reports 3 warnings high

Lintian reports 3 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2023-09-08 Last update: 2024-07-31 12:31

6 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 433d19ed9e654b70241d1d473d48d22bf5c8f120
Author: Simon McVittie <smcv@debian.org>
Date:   Sat Nov 23 10:10:11 2024 +0000

    d/salsa-ci.yml: Add
    
    Disable the cross-build test for now, this will need some more thought
    (perhaps building with nogir and/or nopython).

commit e34c90eda121f0a1a0ae4452bf4bac89aa8d3320
Author: Simon McVittie <smcv@debian.org>
Date:   Sat Nov 23 10:22:18 2024 +0000

    d/gbp.conf: Update packaging branch to debian/latest as per DEP-14

commit 558c09b1484f6ffb19a641585ad372da643f9fff
Author: Simon McVittie <smcv@debian.org>
Date:   Sat Nov 23 10:12:45 2024 +0000

    d/watch.devel: Add a secondary watch file that downloads release candidates
    
    This is not used by default by infrastructure (we don't necessarily want
    to package every prerelease), but can be used via
    `uscan --watchfile debian/watch.devel`.
    
    Thanks: Marc Leeman

commit cd94abb29057fa7cbf012886f821935f948660ba
Author: Simon McVittie <smcv@debian.org>
Date:   Sat Nov 23 10:05:10 2024 +0000

    d/watch: Use Github releases API
    
    Origin: https://github.com/avahi/avahi.github.io/issues/2#issuecomment-1845551470
    Thanks: Michael Biebl

commit 40089a71661412b49c41c005c9bbe855acb5c3e5
Author: Simon McVittie <smcv@debian.org>
Date:   Sat Nov 23 10:07:45 2024 +0000

    d/upstream/metadata: Add

commit bc93e7f0856dba9880e0f7a1ada094a7b1c19dc0
Author: Michael Biebl <biebl@debian.org>
Date:   Fri Nov 17 20:03:40 2023 +0100

    Remove obsolete maintscript code from pre oldstable

Created: 2023-11-17 Last update: 2024-11-23 14:03

AppStream hints: 3 warnings normal

AppStream found metadata issues for packages:

avahi-discover: 1 warning
avahi-ui-utils: 2 warnings

You should get rid of them to provide more metadata about this software.

Created: 2020-06-01 Last update: 2022-06-06 08:33

7 low-priority security issues in bookworm low

There are 7 open security issues in bookworm.

7 issues left for the package maintainer to handle:

CVE-2023-38469: (needs triaging) A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.
CVE-2023-38470: (needs triaging) A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.
CVE-2023-38471: (needs triaging) A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.
CVE-2023-38472: (needs triaging) A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.
CVE-2023-38473: (needs triaging) A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.
CVE-2024-52615: (needs triaging) A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
CVE-2024-52616: (needs triaging) A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-10-05 Last update: 2024-11-23 16:31

debian/patches: 11 patches to forward upstream low

Among the 17 debian patches available in version 0.8-13 of the package, we noticed the following issues:

11 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2023-11-19 09:39

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.0 instead of 4.6.2).

Created: 2024-04-07 Last update: 2024-04-07 13:15

news

[rss feed]

[2023-11-13] avahi 0.8-13 MIGRATED to testing (Debian testing watch)
[2023-11-07] Accepted avahi 0.8-13 (source) into unstable (Simon McVittie)
[2023-10-25] avahi 0.8-12 MIGRATED to testing (Debian testing watch)
[2023-10-25] avahi 0.8-12 MIGRATED to testing (Debian testing watch)
[2023-10-20] Accepted avahi 0.8-12 (source) into unstable (Simon McVittie)
[2023-09-15] avahi 0.8-11 MIGRATED to testing (Debian testing watch)
[2023-09-07] Accepted avahi 0.8-11 (source) into unstable (Michael Biebl)
[2023-06-21] Accepted avahi 0.7-4+deb10u3 (source) into oldoldstable (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
[2023-05-02] Accepted avahi 0.7-4+deb10u2 (source amd64 all) into oldstable (Chris Lamb)
[2023-04-24] avahi 0.8-10 MIGRATED to testing (Debian testing watch)
[2023-04-19] Accepted avahi 0.8-10 (source) into unstable (Michael Biebl)
[2023-03-01] avahi 0.8-9 MIGRATED to testing (Debian testing watch)
[2023-02-18] Accepted avahi 0.8-9 (source) into unstable (Michael Biebl)
[2023-02-12] Accepted avahi 0.8-5+deb11u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Michael Biebl)
[2023-02-10] avahi 0.8-8 MIGRATED to testing (Debian testing watch)
[2023-02-05] Accepted avahi 0.8-8 (source) into unstable (Michael Biebl)
[2023-01-16] avahi 0.8-7 MIGRATED to testing (Debian testing watch)
[2023-01-10] Accepted avahi 0.8-7 (source) into unstable (Michael Biebl)
[2022-08-28] Accepted avahi 0.8-5+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters)
[2022-06-11] avahi 0.8-6 MIGRATED to testing (Debian testing watch)
[2022-06-07] Accepted avahi 0.6.32-2+deb9u1 (source) into oldoldstable (Markus Koschany)
[2022-06-05] Accepted avahi 0.8-6 (source) into unstable (Michael Biebl)
[2021-03-08] Accepted avahi 0.7-4+deb10u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Sjoerd Simons)
[2021-02-12] avahi 0.8-5 MIGRATED to testing (Debian testing watch)
[2021-02-06] Accepted avahi 0.8-5 (source) into unstable (Sjoerd Simons)
[2021-02-05] Accepted avahi 0.8-4 (source) into unstable (Sjoerd Simons)
[2020-05-31] avahi 0.8-3 MIGRATED to testing (Debian testing watch)
[2020-05-26] Accepted avahi 0.8-3 (source) into unstable (Simon McVittie)
[2020-05-25] Accepted avahi 0.8-2 (all amd64 i386 source) into experimental, experimental (Debian FTP Masters) (signed by: Simon McVittie)
[2020-05-13] avahi 0.8-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 68 70
RC: 0
I&N: 54
M&W: 14 16
F&P: 0
patch: 0

links

homepage
lintian (0, 3)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
l10n (-, 81)
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.8-13ubuntu6
164 bugs (5 patches)
patches for 0.8-13ubuntu6