[Pkg-utopia-maintainers] Bug#1090787: bookworm-pu: package avahi/0.8-10+deb12u1
Michael Biebl
biebl at debian.org
Thu Dec 19 10:35:51 GMT 2024
Am 19.12.24 um 08:24 schrieb Adrian Bunk:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm moreinfo
> User: release.debian.org at packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: security at debian.org, Michael Biebl <biebl at debian.org>, Utopia Maintenance Team <pkg-utopia-maintainers at lists.alioth.debian.org>
>
> * core: make sure there is rdata to process before parsing it.
> Patch cherry-picked from upstream Git.
> (CVE-2023-38472, Closes: #1054879)
> * core: reject overly long TXT resource records.
> Patches cherry-picked from upstream Git.
> (CVE-2023-38469, Closes: #1054876)
> * Ensure each label is at least one byte long.
> Patch cherry-picked from upstream Git.
> (CVE-2023-38470, Closes: #1054877)
> * core: extract host name using avahi_unescape_label()
> Patch cherry-picked from upstream Git.
> (CVE-2023-38471, Closes: #1054878)
> * common: derive alternative host name from its unescaped version.
> Patch cherry-picked from upstream Git.
> (CVE-2023-38473, Closes: #1054880)
> * Fix browsing when invalid services present.
> See https://github.com/lathiat/avahi/issues/212
>
>
> Tagged moreinfo for two reasons:
>
> 1. This is work done by Michael Biebl, it would be fine for me
> to close this request for a maintainer upload.
The debdiff looks good to me. Thanks for preparing it. Since you've
already done the work, I'm fine with the pu as-is and I would just
import the NMU into a debian/bookworm branch in salsa.
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-utopia-maintainers/attachments/20241219/a036fb00/attachment.sig>
More information about the Pkg-utopia-maintainers
mailing list