[Pkg-utopia-maintainers] Bug#990900: avahi: CVE-2021-36217

Salvatore Bonaccorso carnil at debian.org
Mon Aug 9 20:13:52 BST 2021


Control: retitle 990900 avahi: CVE-2021-3502
Control: forcemerge 986018 990900

On Sat, Jul 10, 2021 at 11:22:51PM +0200, Salvatore Bonaccorso wrote:
> Source: avahi
> Version: 0.8-5
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
> 
> Hi,
> 
> The following vulnerability was published for avahi.
> 
> CVE-2021-36217[0]:
> | Avahi 0.8 allows a local denial of service (NULL pointer dereference
> | and daemon crash) against avahi-daemon via the D-Bus interface or a
> | "ping .local" command.
> 
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2021-36217
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36217
> [1] https://bugzilla.suse.com/show_bug.cgi?id=1188083

This issue is actually a duplicate of CVE-2021-3502. CVE-2021-36217
got rejected.

Regards,
Salvatore



More information about the Pkg-utopia-maintainers mailing list