avahi - Debian Package Tracker

general

source: avahi (main)
version: 0.8-16
maintainer: Utopia Maintenance Team (archive) (DMD)
uploaders: Sjoerd Simons [DMD] – Michael Biebl [DMD]
arch: all any
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.8-5+deb11u2
o-o-sec: 0.8-5+deb11u3
oldstable: 0.8-10+deb12u1
stable: 0.8-16
testing: 0.8-16
unstable: 0.8-16

versioned links

0.8-5+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8-5+deb11u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8-10+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8-16: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8-17: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

avahi-autoipd (6 bugs: 0, 4, 2, 0)
avahi-daemon (38 bugs: 0, 32, 6, 0)
avahi-discover
avahi-dnsconfd
avahi-ui-utils
avahi-utils (4 bugs: 0, 3, 1, 0)
gir1.2-avahi-0.6
libavahi-client-dev
libavahi-client3
libavahi-common-data
libavahi-common-dev
libavahi-common3
libavahi-compat-libdnssd-dev
libavahi-compat-libdnssd1
libavahi-core-dev
libavahi-core7
libavahi-glib-dev
libavahi-glib1
libavahi-gobject-dev
libavahi-gobject0
libavahi-ui-gtk3-0
libavahi-ui-gtk3-dev
python3-avahi

action needed

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2024-52615: A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
CVE-2024-52616: A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

Created: 2023-10-05 Last update: 2025-09-09 15:59

2 security issues in forky high

There are 2 open security issues in forky.

2 important issues:

CVE-2024-52615: A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
CVE-2024-52616: A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

Created: 2025-08-09 Last update: 2025-09-09 15:59

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 0.8-18, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 883f6efec799cfcb28da50f53355f8f94dba12c4
Author: Simon McVittie <smcv@debian.org>
Date:   Tue Sep 9 13:54:01 2025 +0100

    Update changelog

commit 4925a804019bb750d4c7254fddb0b6595755e22b
Author: Simon McVittie <smcv@debian.org>
Date:   Tue Sep 9 13:53:27 2025 +0100

    d/copyright: Don't quote the FSF's former postal address here

commit a9b0179ad756c107ecdeeb33ecaf91199c5eb781
Merge: 9bf904e b6c6b8b
Author: Simon McVittie <smcv@debian.org>
Date:   Tue Sep 9 13:52:56 2025 +0100

    Merge tag 'upstream/0.8' into debian/latest
    
    Upstream version 0.8

commit b6c6b8b48828532ec966b41e2190d0ad89825add
Author: Andreas Henriksson <andreas@fatal.se>
Date:   Tue Feb 18 21:46:09 2020 +0100

    New upstream version 0.8

commit 34345314f409d6cd9d475c68c95e777ae8a1fbc2
Author: Andreas Henriksson <andreas@fatal.se>
Date:   Sat Oct 26 15:05:58 2019 +0200

    New upstream version 0.7+git20190507.4a5454f

commit 543e8d0833b922f8e2234a95b0e6b43ce57e11c3
Author: Andreas Henriksson <andreas@fatal.se>
Date:   Thu Aug 24 15:41:12 2017 +0200

    New upstream version 0.7

commit 509e9602f6b061731e6184d6675f2b3662c9debb
Author: Michael Biebl <biebl@debian.org>
Date:   Mon Jun 27 21:13:34 2016 +0200

    Imported Upstream version 0.6.32

commit c33d3c9797766aec7a18a9274b06c32c22da95c1
Author: Laurent Bigonville <bigon@bigon.be>
Date:   Wed Nov 4 21:06:52 2015 +0100

    Imported Upstream version 0.6.32~rc+dfsg

commit 0dc1680d2d79f3c4029f44fb9b50b4a8060c318a
Author: Laurent Bigonville <bigon@bigon.be>
Date:   Wed Nov 4 21:06:40 2015 +0100

    Imported Upstream version 0.6.32~rc+dfsg

commit f65f01e23dad2fe12d0ed42478c755fe8cffc804
Author: Michael Biebl <biebl@debian.org>
Date:   Wed Feb 15 16:00:28 2012 +0100

    Imported Upstream version 0.6.31

commit 24262358e73184d3417df5e50d19d8536c254581
Author: Michael Biebl <biebl@debian.org>
Date:   Mon Apr 4 02:22:03 2011 +0200

    Imported Upstream version 0.6.30

commit 7d69d75795a95cea78d326f826c1fcadc8161106
Author: Michael Biebl <biebl@debian.org>
Date:   Fri Mar 11 00:34:22 2011 +0100

    Imported Upstream version 0.6.29

commit fc714f1f24f9f12335b53f36c2765dc0077e3410
Author: Michael Biebl <biebl@debian.org>
Date:   Thu Nov 18 06:11:41 2010 +0100

    Imported Upstream version 0.6.28

commit 0fe1d7b5874ca26dfbc05dc1fd2f943a4ee5554c
Author: Michael Biebl <biebl@debian.org>
Date:   Thu Nov 18 04:09:35 2010 +0100

    Imported Upstream version 0.6.27

Created: 2025-03-24 Last update: 2025-09-09 15:03

1 open merge request in Salsa normal

There is 1 open merge request for this package on Salsa. You should consider reviewing and/or merging these merge requests.

Created: 2025-08-19 Last update: 2025-08-19 06:28

lintian reports 4 warnings normal

Lintian reports 4 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-01-05 Last update: 2025-04-10 23:00

AppStream hints: 3 warnings normal

AppStream found metadata issues for packages:

avahi-discover: 1 warning
avahi-ui-utils: 2 warnings

You should get rid of them to provide more metadata about this software.

Created: 2020-06-01 Last update: 2022-06-06 08:33

2 low-priority security issues in trixie low

There are 2 open security issues in trixie.

2 issues left for the package maintainer to handle:

CVE-2024-52615: (needs triaging) A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
CVE-2024-52616: (needs triaging) A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

You can find information about how to handle these issues in the security team's documentation.

Created: 2025-08-09 Last update: 2025-09-09 15:59

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2024-52615: (needs triaging) A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
CVE-2024-52616: (needs triaging) A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-10-05 Last update: 2025-09-09 15:59

debian/patches: 20 patches to forward upstream low

Among the 25 debian patches available in version 0.8-16 of the package, we noticed the following issues:

20 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-01-05 06:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).

Created: 2025-02-21 Last update: 2025-02-27 13:25

news

[rss feed]

[2025-09-09] Accepted avahi 0.8-17 (source) into unstable (Simon McVittie)
[2025-01-10] avahi 0.8-16 MIGRATED to testing (Debian testing watch)
[2025-01-04] Accepted avahi 0.8-16 (source) into unstable (Michael Biebl)
[2025-01-04] Accepted avahi 0.8-10+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Adrian Bunk)
[2024-12-10] avahi 0.8-15 MIGRATED to testing (Debian testing watch)
[2024-12-09] Accepted avahi 0.8-5+deb11u3 (source) into oldstable-security (Adrian Bunk)
[2024-12-04] Accepted avahi 0.8-15 (source) into unstable (Michael Biebl)
[2024-11-30] Accepted avahi 0.8-14 (source) into unstable (Michael Biebl)
[2023-11-13] avahi 0.8-13 MIGRATED to testing (Debian testing watch)
[2023-11-07] Accepted avahi 0.8-13 (source) into unstable (Simon McVittie)
[2023-10-25] avahi 0.8-12 MIGRATED to testing (Debian testing watch)
[2023-10-25] avahi 0.8-12 MIGRATED to testing (Debian testing watch)
[2023-10-20] Accepted avahi 0.8-12 (source) into unstable (Simon McVittie)
[2023-09-15] avahi 0.8-11 MIGRATED to testing (Debian testing watch)
[2023-09-07] Accepted avahi 0.8-11 (source) into unstable (Michael Biebl)
[2023-06-21] Accepted avahi 0.7-4+deb10u3 (source) into oldoldstable (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
[2023-05-02] Accepted avahi 0.7-4+deb10u2 (source amd64 all) into oldstable (Chris Lamb)
[2023-04-24] avahi 0.8-10 MIGRATED to testing (Debian testing watch)
[2023-04-19] Accepted avahi 0.8-10 (source) into unstable (Michael Biebl)
[2023-03-01] avahi 0.8-9 MIGRATED to testing (Debian testing watch)
[2023-02-18] Accepted avahi 0.8-9 (source) into unstable (Michael Biebl)
[2023-02-12] Accepted avahi 0.8-5+deb11u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Michael Biebl)
[2023-02-10] avahi 0.8-8 MIGRATED to testing (Debian testing watch)
[2023-02-05] Accepted avahi 0.8-8 (source) into unstable (Michael Biebl)
[2023-01-16] avahi 0.8-7 MIGRATED to testing (Debian testing watch)
[2023-01-10] Accepted avahi 0.8-7 (source) into unstable (Michael Biebl)
[2022-08-28] Accepted avahi 0.8-5+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters)
[2022-06-11] avahi 0.8-6 MIGRATED to testing (Debian testing watch)
[2022-06-07] Accepted avahi 0.6.32-2+deb9u1 (source) into oldoldstable (Markus Koschany)
[2022-06-05] Accepted avahi 0.8-6 (source) into unstable (Michael Biebl)

bugs [bug history graph]

all: 52 53
RC: 0
I&N: 43
M&W: 9 10
F&P: 0
patch: 0

links

homepage
lintian (0, 4)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
l10n (-, 81)
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.8-16ubuntu3
165 bugs (5 patches)
patches for 0.8-16ubuntu3