[Pkg-utopia-maintainers] Fix date - CVE-2024-52615 and CVE-2024-52616
Michael Biebl
biebl at debian.org
Thu Jan 9 11:14:00 GMT 2025
Am 09.01.25 um 12:07 schrieb Michael Biebl:
> Am 07.01.25 um 16:18 schrieb Radoslaw Chmielewski:
>> Hi,
>>
>> Can you advice when we can expect fix an issue linked to
>> CVE-2024-52615and CVE-2024-52616?
>
> I can't give any advice on an expected time frame, no.
> Given that you are asking the Debian maintainers of avahi, I assume you
> want to know when a fixed Debian package is available.
> An upstream fix is a prerequisite for that which doesn't exist at this
> point.
>
> If you want to monitor any progress regarding those two issues you can
> subscribe to the downstream bug reports
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088110
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088111
>
> or the upstream advisories at
> https://github.com/avahi/avahi/security/advisories/GHSA-x6vp-f33h-h32g
> https://github.com/avahi/avahi/security/advisories/GHSA-r9j3-vjjh-p8vm
>
> As for CVE-2024-52616, you can mitigate the issue by turning off wide-
> area in /etc/avahi/avahi-daemon.conf
>
Actually, since CVE-2024-52615 is also related to wide-area, turning
that feature off should mitigate this as well.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-utopia-maintainers/attachments/20250109/7069b1c1/attachment.sig>
More information about the Pkg-utopia-maintainers
mailing list