[Pkg-utopia-maintainers] Bug#984938: avahi-daemon: local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket

Salvatore Bonaccorso carnil at debian.org
Mon Jan 2 14:28:54 GMT 2023


Hi,

On Sat, Mar 27, 2021 at 08:29:36PM +0100, Salvatore Bonaccorso wrote:
> Control: forwarded -1 https://github.com/lathiat/avahi/pull/330
> Control: retitle -1 avahi: CVE-2021-3468: local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket
> 
> On Fri, Mar 26, 2021 at 12:22:29PM +0100, Riccardo Schirone wrote:
> > I have requested a CVE through Red Hat.
> > 
> > I'm proposing a patch upstream[1].
> > Additional details about the flaw at [2].
> > 
> > [1] https://github.com/lathiat/avahi/pull/330
> > [2] https://bugzilla.redhat.com/show_bug.cgi?id=1939614#c3
> 
> This has been assigned CVE-2021-3468.

Upstream has now merged the fix:
https://github.com/lathiat/avahi/commit/447affe29991ee99c6b9732fc5f2c1048a611d3b

(but asking if the fix has been tested already on rolling releases. It
is not the case for us, but we might now pick the fix for unstable. If
nothing breaks, let it migrate to testing, and so bookworm).

For bullseye, once we are confident enough, the fix can go in via a
point release.

Regards,
Salvatore


