[Git][security-tracker-team/security-tracker][master] dla: add avahi

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Tue Nov 19 15:09:06 GMT 2024 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f32c0b12 by Sylvain Beucler at 2024-11-19T16:08:44+01:00
dla: add avahi

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -637,6 +637,7 @@ CVE-2024-48962 (Improper Control of Generation of Code ('Code Injection'), Cross
 CVE-2024-52616 [Avahi Wide-Area DNS Predictable Transaction IDs]
 	- avahi <unfixed>
 	[bookworm] - avahi <no-dsa> (Minor issue; workarounds/mitigation exist by setting enable-wide-area=no)
+	[bullseye] - avahi <no-dsa> (Minor issue; workarounds/mitigation exist by setting enable-wide-area=no)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2326429
 	NOTE: https://github.com/avahi/avahi/issues/254
 	NOTE: https://github.com/avahi/avahi/issues/254#issuecomment-2480519212
@@ -646,6 +647,7 @@ CVE-2024-52616 [Avahi Wide-Area DNS Predictable Transaction IDs]
 CVE-2024-52615 [Avahi Wide-Area DNS Uses Constant Source Port]
 	- avahi <unfixed>
 	[bookworm] - avahi <no-dsa> (Minor issue; workarounds/mitigation exist by setting enable-wide-area=no)
+	[bullseye] - avahi <no-dsa> (Minor issue; workarounds/mitigation exist by setting enable-wide-area=no)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2326418
 	NOTE: https://github.com/avahi/avahi/issues/254
 	NOTE: https://github.com/avahi/avahi/issues/254#issuecomment-2480519212


=====================================
data/dla-needed.txt
=====================================
@@ -32,6 +32,12 @@ ansible
   NOTE: 20241103: Fixed sid, bookworm, and bullseye (rouca)
   NOTE: 20241103: Bullseye autopkgtest fail (unrelated to fix) try to fix before release (rouca)
 --
+avahi
+  NOTE: 20241119: Added by Front-Desk (Beuc)
+  NOTE: 20241119: Multiple CVEs now fixed upstream: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054880#12
+  NOTE: 20241119: Consider coordinating with maintainers to fix in sid, and then in all releases.
+  NOTE: 20241119: Also CVE-2023-1981 fixed in both bookworm and buster/stretch/jessie (Beuc/front-desk)
+--
 cacti
   NOTE: 20241023: Added by Front-Desk (lamby)
   NOTE: 20241103: Opened a git issue https://github.com/Cacti/cacti/issues/5896 for getting the upstream commit (rouca)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f32c0b12eeffcebb61b3729f40c0b9357a0e3264

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f32c0b12eeffcebb61b3729f40c0b9357a0e3264
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241119/4339c18c/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list