Debian Package Tracker

avahi

general
  • source: avahi (main)
  • version: 0.8-16
  • maintainer: Utopia Maintenance Team (archive) (DMD)
  • uploaders: Sjoerd Simons [DMD] – Michael Biebl [DMD]
  • arch: all any
  • std-ver: 4.7.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 0.8-5+deb11u2
  • o-o-sec: 0.8-5+deb11u3
  • oldstable: 0.8-10+deb12u1
  • stable: 0.8-16
  • testing: 0.8-16
  • unstable: 0.8-16
versioned links
  • 0.8-5+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.8-5+deb11u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.8-10+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.8-16: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • avahi-autoipd (6 bugs: 0, 4, 2, 0)
  • avahi-daemon (38 bugs: 0, 32, 6, 0)
  • avahi-discover
  • avahi-dnsconfd
  • avahi-ui-utils
  • avahi-utils (4 bugs: 0, 3, 1, 0)
  • gir1.2-avahi-0.6
  • libavahi-client-dev
  • libavahi-client3
  • libavahi-common-data
  • libavahi-common-dev
  • libavahi-common3
  • libavahi-compat-libdnssd-dev
  • libavahi-compat-libdnssd1
  • libavahi-core-dev
  • libavahi-core7
  • libavahi-glib-dev
  • libavahi-glib1
  • libavahi-gobject-dev
  • libavahi-gobject0
  • libavahi-ui-gtk3-0
  • libavahi-ui-gtk3-dev
  • python3-avahi
action needed
2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:
  • CVE-2024-52615: A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
  • CVE-2024-52616: A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.
Created: 2023-10-05 Last update: 2025-08-10 06:32
2 security issues in forky high

There are 2 open security issues in forky.

2 important issues:
  • CVE-2024-52615: A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
  • CVE-2024-52616: A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.
Created: 2025-08-09 Last update: 2025-08-10 06:32
version in VCS is newer than in repository, is it time to upload? normal
vcswatch reports that this package seems to have a new changelog entry (version 0.8-17, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:
commit db0ade514a767faf7187176b5aab82fe4998d4c9
Author: Simon McVittie <smcv@debian.org>
Date:   Fri Aug 15 17:29:34 2025 +0100

    Update changelog

commit 8d3dbb626633f83541b5e25f10a3b5c1563b1918
Author: Simon McVittie <smcv@debian.org>
Date:   Fri Aug 15 17:25:21 2025 +0100

    Add patch from upstream 0.9-rc2 to turn off wide-area by default
    
    Mitigates: CVE-2024-52615, CVE-2024-52616, #1088110, #1088111

commit 8e41dd44ce7392b4e6116800a662eb8346d42acd
Author: Simon McVittie <smcv@debian.org>
Date:   Fri Aug 15 16:35:46 2025 +0100

    Standards-Version: 4.7.2 (no changes required)

commit 12684c60e94e3d72e5b68f4410a8629a443985f5
Author: Simon McVittie <smcv@debian.org>
Date:   Fri Aug 15 16:35:21 2025 +0100

    d/control: Build-depend on gobject-introspection, gir1.2-*-dev
    
    libgirepository1.0-dev is non-multiarch-friendly and should be phased
    out during the forky cycle.

commit 897237e857ceb02aa805411a4a13fb4be397e274
Author: Lukas Märdian <slyon@ubuntu.com>
Date:   Mon Mar 24 11:49:51 2025 +0100

    d/d/local-resolve-service: Reload avahi-daemon.service after installing a test service.

commit 182185d14b5ca8421a6d99b9e265e0f581d94ee9
Author: Lukas Märdian <slyon@ubuntu.com>
Date:   Mon Mar 24 11:49:24 2025 +0100

    d/t/local-resolve-service: Use trap to cleanup ephemeral files.

commit cfa77495b9c96a3d606ff61ae9fd5d3794018b07
Author: Lukas Märdian <slyon@ubuntu.com>
Date:   Thu Mar 20 10:35:20 2025 +0100

    d/t/local-resolve-service: Add non-superficial DEP-8 test, which validates
    
    resolving of mDNS .local domains and service discovery.
Created: 2025-03-24 Last update: 2025-09-03 07:36
1 open merge request in Salsa normal
There is 1 open merge request for this package on Salsa. You should consider reviewing and/or merging these merge requests.
Created: 2025-08-19 Last update: 2025-08-19 06:28
lintian reports 4 warnings normal
Lintian reports 4 warnings about this package. You should make the package lintian clean by getting rid of them.
Created: 2025-01-05 Last update: 2025-04-10 23:00
AppStream hints: 3 warnings normal
AppStream found metadata issues for packages:
  • avahi-discover: 1 warning
  • avahi-ui-utils: 2 warnings
You should get rid of them to provide more metadata about this software.
Created: 2020-06-01 Last update: 2022-06-06 08:33
2 low-priority security issues in trixie low

There are 2 open security issues in trixie.

2 issues left for the package maintainer to handle:
  • CVE-2024-52615: (needs triaging) A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
  • CVE-2024-52616: (needs triaging) A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

You can find information about how to handle these issues in the security team's documentation.

Created: 2025-08-09 Last update: 2025-08-10 06:32
2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:
  • CVE-2024-52615: (needs triaging) A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
  • CVE-2024-52616: (needs triaging) A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-10-05 Last update: 2025-08-10 06:32
debian/patches: 20 patches to forward upstream low

Among the 25 debian patches available in version 0.8-16 of the package, we noticed the following issues:

  • 20 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.
Created: 2023-02-26 Last update: 2025-01-05 06:00
Standards version of the package is outdated. wishlist
The package should be updated to follow the latest version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).
Created: 2025-02-21 Last update: 2025-02-27 13:25
news
[rss feed]
  • [2025-01-10] avahi 0.8-16 MIGRATED to testing (Debian testing watch)
  • [2025-01-04] Accepted avahi 0.8-16 (source) into unstable (Michael Biebl)
  • [2025-01-04] Accepted avahi 0.8-10+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Adrian Bunk)
  • [2024-12-10] avahi 0.8-15 MIGRATED to testing (Debian testing watch)
  • [2024-12-09] Accepted avahi 0.8-5+deb11u3 (source) into oldstable-security (Adrian Bunk)
  • [2024-12-04] Accepted avahi 0.8-15 (source) into unstable (Michael Biebl)
  • [2024-11-30] Accepted avahi 0.8-14 (source) into unstable (Michael Biebl)
  • [2023-11-13] avahi 0.8-13 MIGRATED to testing (Debian testing watch)
  • [2023-11-07] Accepted avahi 0.8-13 (source) into unstable (Simon McVittie)
  • [2023-10-25] avahi 0.8-12 MIGRATED to testing (Debian testing watch)
  • [2023-10-20] Accepted avahi 0.8-12 (source) into unstable (Simon McVittie)
  • [2023-09-15] avahi 0.8-11 MIGRATED to testing (Debian testing watch)
  • [2023-09-07] Accepted avahi 0.8-11 (source) into unstable (Michael Biebl)
  • [2023-06-21] Accepted avahi 0.7-4+deb10u3 (source) into oldoldstable (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
  • [2023-05-02] Accepted avahi 0.7-4+deb10u2 (source amd64 all) into oldstable (Chris Lamb)
  • [2023-04-24] avahi 0.8-10 MIGRATED to testing (Debian testing watch)
  • [2023-04-19] Accepted avahi 0.8-10 (source) into unstable (Michael Biebl)
  • [2023-03-01] avahi 0.8-9 MIGRATED to testing (Debian testing watch)
  • [2023-02-18] Accepted avahi 0.8-9 (source) into unstable (Michael Biebl)
  • [2023-02-12] Accepted avahi 0.8-5+deb11u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Michael Biebl)
  • [2023-02-10] avahi 0.8-8 MIGRATED to testing (Debian testing watch)
  • [2023-02-05] Accepted avahi 0.8-8 (source) into unstable (Michael Biebl)
  • [2023-01-16] avahi 0.8-7 MIGRATED to testing (Debian testing watch)
  • [2023-01-10] Accepted avahi 0.8-7 (source) into unstable (Michael Biebl)
  • [2022-08-28] Accepted avahi 0.8-5+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters)
  • [2022-06-11] avahi 0.8-6 MIGRATED to testing (Debian testing watch)
  • [2022-06-07] Accepted avahi 0.6.32-2+deb9u1 (source) into oldoldstable (Markus Koschany)
  • [2022-06-05] Accepted avahi 0.8-6 (source) into unstable (Michael Biebl)
  • [2021-03-08] Accepted avahi 0.7-4+deb10u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Sjoerd Simons)
bugs [bug history graph]
  • all: 52 53
  • RC: 0
  • I&N: 43
  • M&W: 9 10
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian (0, 4)
  • buildd: logs, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • l10n (-, 81)
  • debian patches
  • debci
ubuntu [Information about Ubuntu for Debian Developers]
  • version: 0.8-16ubuntu2
  • 165 bugs (5 patches)
  • patches for 0.8-16ubuntu2

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.