avahi - Debian Package Tracker

general

source: avahi (main)
version: 0.8-16
maintainer: Utopia Maintenance Team (archive) (DMD)
uploaders: Sjoerd Simons [DMD] – Michael Biebl [DMD]
arch: all any
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.8-5+deb11u2
o-o-sec: 0.8-5+deb11u3
oldstable: 0.8-10+deb12u1
stable: 0.8-16
testing: 0.8-16
unstable: 0.8-16

versioned links

0.8-5+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8-5+deb11u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8-10+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8-16: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

avahi-autoipd (6 bugs: 0, 4, 2, 0)
avahi-daemon (38 bugs: 0, 32, 6, 0)
avahi-discover
avahi-dnsconfd
avahi-ui-utils
avahi-utils (4 bugs: 0, 3, 1, 0)
gir1.2-avahi-0.6
libavahi-client-dev
libavahi-client3
libavahi-common-data
libavahi-common-dev
libavahi-common3
libavahi-compat-libdnssd-dev
libavahi-compat-libdnssd1
libavahi-core-dev
libavahi-core7
libavahi-glib-dev
libavahi-glib1
libavahi-gobject-dev
libavahi-gobject0
libavahi-ui-gtk3-0
libavahi-ui-gtk3-dev
python3-avahi

action needed

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2024-52615: A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
CVE-2024-52616: A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

Created: 2023-10-05 Last update: 2025-08-10 06:32

2 security issues in forky high

There are 2 open security issues in forky.

2 important issues:

CVE-2024-52615: A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
CVE-2024-52616: A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

Created: 2025-08-09 Last update: 2025-08-10 06:32

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 0.8-17, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit db0ade514a767faf7187176b5aab82fe4998d4c9
Author: Simon McVittie <smcv@debian.org>
Date:   Fri Aug 15 17:29:34 2025 +0100

    Update changelog

commit 8d3dbb626633f83541b5e25f10a3b5c1563b1918
Author: Simon McVittie <smcv@debian.org>
Date:   Fri Aug 15 17:25:21 2025 +0100

    Add patch from upstream 0.9-rc2 to turn off wide-area by default
    
    Mitigates: CVE-2024-52615, CVE-2024-52616, #1088110, #1088111

commit 8e41dd44ce7392b4e6116800a662eb8346d42acd
Author: Simon McVittie <smcv@debian.org>
Date:   Fri Aug 15 16:35:46 2025 +0100

    Standards-Version: 4.7.2 (no changes required)

commit 12684c60e94e3d72e5b68f4410a8629a443985f5
Author: Simon McVittie <smcv@debian.org>
Date:   Fri Aug 15 16:35:21 2025 +0100

    d/control: Build-depend on gobject-introspection, gir1.2-*-dev
    
    libgirepository1.0-dev is non-multiarch-friendly and should be phased
    out during the forky cycle.

commit 897237e857ceb02aa805411a4a13fb4be397e274
Author: Lukas Märdian <slyon@ubuntu.com>
Date:   Mon Mar 24 11:49:51 2025 +0100

    d/d/local-resolve-service: Reload avahi-daemon.service after installing a test service.

commit 182185d14b5ca8421a6d99b9e265e0f581d94ee9
Author: Lukas Märdian <slyon@ubuntu.com>
Date:   Mon Mar 24 11:49:24 2025 +0100

    d/t/local-resolve-service: Use trap to cleanup ephemeral files.

commit cfa77495b9c96a3d606ff61ae9fd5d3794018b07
Author: Lukas Märdian <slyon@ubuntu.com>
Date:   Thu Mar 20 10:35:20 2025 +0100

    d/t/local-resolve-service: Add non-superficial DEP-8 test, which validates
    
    resolving of mDNS .local domains and service discovery.

Created: 2025-03-24 Last update: 2025-09-03 07:36

1 open merge request in Salsa normal

There is 1 open merge request for this package on Salsa. You should consider reviewing and/or merging these merge requests.

Created: 2025-08-19 Last update: 2025-08-19 06:28

lintian reports 4 warnings normal

Lintian reports 4 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-01-05 Last update: 2025-04-10 23:00

AppStream hints: 3 warnings normal

AppStream found metadata issues for packages:

avahi-discover: 1 warning
avahi-ui-utils: 2 warnings

You should get rid of them to provide more metadata about this software.

Created: 2020-06-01 Last update: 2022-06-06 08:33

2 low-priority security issues in trixie low

There are 2 open security issues in trixie.

2 issues left for the package maintainer to handle:

CVE-2024-52615: (needs triaging) A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
CVE-2024-52616: (needs triaging) A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

You can find information about how to handle these issues in the security team's documentation.

Created: 2025-08-09 Last update: 2025-08-10 06:32

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2024-52615: (needs triaging) A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
CVE-2024-52616: (needs triaging) A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-10-05 Last update: 2025-08-10 06:32

debian/patches: 20 patches to forward upstream low

Among the 25 debian patches available in version 0.8-16 of the package, we noticed the following issues:

20 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-01-05 06:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).

Created: 2025-02-21 Last update: 2025-02-27 13:25

news

[rss feed]

[2025-09-09] Accepted avahi 0.8-17 (source) into unstable (Simon McVittie)
[2025-01-10] avahi 0.8-16 MIGRATED to testing (Debian testing watch)
[2025-01-04] Accepted avahi 0.8-16 (source) into unstable (Michael Biebl)
[2025-01-04] Accepted avahi 0.8-10+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Adrian Bunk)
[2024-12-10] avahi 0.8-15 MIGRATED to testing (Debian testing watch)
[2024-12-09] Accepted avahi 0.8-5+deb11u3 (source) into oldstable-security (Adrian Bunk)
[2024-12-04] Accepted avahi 0.8-15 (source) into unstable (Michael Biebl)
[2024-11-30] Accepted avahi 0.8-14 (source) into unstable (Michael Biebl)
[2023-11-13] avahi 0.8-13 MIGRATED to testing (Debian testing watch)
[2023-11-07] Accepted avahi 0.8-13 (source) into unstable (Simon McVittie)
[2023-10-25] avahi 0.8-12 MIGRATED to testing (Debian testing watch)
[2023-10-25] avahi 0.8-12 MIGRATED to testing (Debian testing watch)
[2023-10-20] Accepted avahi 0.8-12 (source) into unstable (Simon McVittie)
[2023-09-15] avahi 0.8-11 MIGRATED to testing (Debian testing watch)
[2023-09-07] Accepted avahi 0.8-11 (source) into unstable (Michael Biebl)
[2023-06-21] Accepted avahi 0.7-4+deb10u3 (source) into oldoldstable (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
[2023-05-02] Accepted avahi 0.7-4+deb10u2 (source amd64 all) into oldstable (Chris Lamb)
[2023-04-24] avahi 0.8-10 MIGRATED to testing (Debian testing watch)
[2023-04-19] Accepted avahi 0.8-10 (source) into unstable (Michael Biebl)
[2023-03-01] avahi 0.8-9 MIGRATED to testing (Debian testing watch)
[2023-02-18] Accepted avahi 0.8-9 (source) into unstable (Michael Biebl)
[2023-02-12] Accepted avahi 0.8-5+deb11u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Michael Biebl)
[2023-02-10] avahi 0.8-8 MIGRATED to testing (Debian testing watch)
[2023-02-05] Accepted avahi 0.8-8 (source) into unstable (Michael Biebl)
[2023-01-16] avahi 0.8-7 MIGRATED to testing (Debian testing watch)
[2023-01-10] Accepted avahi 0.8-7 (source) into unstable (Michael Biebl)
[2022-08-28] Accepted avahi 0.8-5+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters)
[2022-06-11] avahi 0.8-6 MIGRATED to testing (Debian testing watch)
[2022-06-07] Accepted avahi 0.6.32-2+deb9u1 (source) into oldoldstable (Markus Koschany)
[2022-06-05] Accepted avahi 0.8-6 (source) into unstable (Michael Biebl)

bugs [bug history graph]

all: 52 53
RC: 0
I&N: 43
M&W: 9 10
F&P: 0
patch: 0

links

homepage
lintian (0, 4)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
l10n (-, 81)
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.8-16ubuntu3
165 bugs (5 patches)
patches for 0.8-16ubuntu3