[ubuntu/noble-proposed] avahi 0.8-13ubuntu2 (Accepted)

Nick Galanis nick.galanis at canonical.com
Mon Nov 20 13:26:14 UTC 2023 

avahi (0.8-13ubuntu2) noble; urgency=medium

  * SECURITY UPDATE: Reachable assertions exist in server functions of
    avahi-core
    - debian/patches/CVE-2023-38469-1.patch: reject overly long TXT
      resource records
    - debian/patches/CVE-2023-38469-2.patch: tests: pass overly long TXT
      resource records
    - CVE-2023-38469

  * SECURITY UPDATE: Reachable assertions exist in domain functions in
    avahi-common
    - debian/patches/CVE-2023-38470-1.patch: Ensure each label is at least
      one byte long
    - debian/patches/CVE-2023-38470-2.patch: bail out when escaped labels
      can't fit into ret
    - CVE-2023-38470

  * SECURITY UPDATE: Reachable assertions exist in server functions in
    avahi-core
    - debian/patches/CVE-2023-38471-1.patch: core: extract host name using
      avahi_unescape_label()
    - debian/patches/CVE-2023-38471-2.patch: core: return errors from
      avahi_server_set_host_name properly
    - CVE-2023-38471

  * SECURITY UPDATE: Reachable assertions exist in dbus functions in
    avahi-daemon
    - debian/patches/CVE-2023-38472.patch: core: make sure there is rdata
      to process before parsing it
    - CVE-2023-38472

  * SECURITY UPDATE: Reachable assertions exist in alternative functions
    in avahi-common
    - debian/patches/CVE-2023-38473.patch: common: derive alternative host
      name from its unescaped version
    - CVE-2023-38473

Date: Mon, 20 Nov 2023 13:51:34 +0200
Changed-By: Nick Galanis <nick.galanis at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/avahi/0.8-13ubuntu2
-------------- next part --------------
Format: 1.8
Date: Mon, 20 Nov 2023 13:51:34 +0200
Source: avahi
Built-For-Profiles: noudeb
Architecture: source
Version: 0.8-13ubuntu2
Distribution: noble
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Nick Galanis <nick.galanis at canonical.com>
Changes:
 avahi (0.8-13ubuntu2) noble; urgency=medium
 .
   * SECURITY UPDATE: Reachable assertions exist in server functions of
     avahi-core
     - debian/patches/CVE-2023-38469-1.patch: reject overly long TXT
       resource records
     - debian/patches/CVE-2023-38469-2.patch: tests: pass overly long TXT
       resource records
     - CVE-2023-38469
 .
   * SECURITY UPDATE: Reachable assertions exist in domain functions in
     avahi-common
     - debian/patches/CVE-2023-38470-1.patch: Ensure each label is at least
       one byte long
     - debian/patches/CVE-2023-38470-2.patch: bail out when escaped labels
       can't fit into ret
     - CVE-2023-38470
 .
   * SECURITY UPDATE: Reachable assertions exist in server functions in
     avahi-core
     - debian/patches/CVE-2023-38471-1.patch: core: extract host name using
       avahi_unescape_label()
     - debian/patches/CVE-2023-38471-2.patch: core: return errors from
       avahi_server_set_host_name properly
     - CVE-2023-38471
 .
   * SECURITY UPDATE: Reachable assertions exist in dbus functions in
     avahi-daemon
     - debian/patches/CVE-2023-38472.patch: core: make sure there is rdata
       to process before parsing it
     - CVE-2023-38472
 .
   * SECURITY UPDATE: Reachable assertions exist in alternative functions
     in avahi-common
     - debian/patches/CVE-2023-38473.patch: common: derive alternative host
       name from its unescaped version
     - CVE-2023-38473
Checksums-Sha1:
 15a5929bbf3b2d20df43b47877ef2a6ada2cccce 4150 avahi_0.8-13ubuntu2.dsc
 81cf4173554baeec2dc4f989426bf1434ead578a 49092 avahi_0.8-13ubuntu2.debian.tar.xz
 bbb9b339d321881b3d234eeedf4872c400422507 16238 avahi_0.8-13ubuntu2_source.buildinfo
Checksums-Sha256:
 cbd0d9e9f3c0c670e2551c928aaf7787c212d93401729bce5bafa5c0ce81da83 4150 avahi_0.8-13ubuntu2.dsc
 2d53f76bc8f545aafbe3deaffb6a4c160d5989cbd838e1a9d6794d21141d1cd7 49092 avahi_0.8-13ubuntu2.debian.tar.xz
 3a7a5d95e39bc9264f07c646ac0f8e50bd91465636dd1054d9e09fd16c952212 16238 avahi_0.8-13ubuntu2_source.buildinfo
Files:
 d1b08f99288bbeb406481cf0860582a6 4150 net optional avahi_0.8-13ubuntu2.dsc
 cec4df4c2b2cacaa032dde89ea4ed7ba 49092 net optional avahi_0.8-13ubuntu2.debian.tar.xz
 bf9127299aa353b9272a52fb8a10ed72 16238 net optional avahi_0.8-13ubuntu2_source.buildinfo
Original-Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers at lists.alioth.debian.org>

More information about the noble-changes mailing list