[Pkg-utopia-maintainers] Fix date - CVE-2024-52615 and CVE-2024-52616
Michael Biebl
biebl at debian.org
Thu Jan 9 11:07:37 GMT 2025
Am 07.01.25 um 16:18 schrieb Radoslaw Chmielewski:
> Hi,
>
> Can you advice when we can expect fix an issue linked to
> CVE-2024-52615and CVE-2024-52616?
I can't give any advice on an expected time frame, no.
Given that you are asking the Debian maintainers of avahi, I assume you
want to know when a fixed Debian package is available.
An upstream fix is a prerequisite for that which doesn't exist at this
point.
If you want to monitor any progress regarding those two issues you can
subscribe to the downstream bug reports
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088110
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088111
or the upstream advisories at
https://github.com/avahi/avahi/security/advisories/GHSA-x6vp-f33h-h32g
https://github.com/avahi/avahi/security/advisories/GHSA-r9j3-vjjh-p8vm
As for CVE-2024-52616, you can mitigate the issue by turning off
wide-area in /etc/avahi/avahi-daemon.conf
https://github.com/avahi/avahi/pull/577/files
Regards,
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-utopia-maintainers/attachments/20250109/496ee944/attachment-0001.sig>
More information about the Pkg-utopia-maintainers
mailing list