[Bug 2098794] Re: Please merge 0.8-16 into plucky

Launchpad Bug Tracker 2098794 at bugs.launchpad.net
Sat Feb 22 19:18:50 UTC 2025 

This bug was fixed in the package avahi - 0.8-16ubuntu1

---------------
avahi (0.8-16ubuntu1) plucky; urgency=medium

  * Merge with Debian unstable (LP: #2098794). Remaining changes:
    - avahi-daemon-chroot-fix-bogus-assignments-in-assertions.patch,
      avahi-client-fix-resource-leak.patch: Issues discovered by static
      analysis (Upstream pull request #202)
    - SECURITY UPDATE: Reachable assertions exist in domain functions in
      avahi-common
      + debian/patches/CVE-2023-38470-2.patch: bail out when escaped
        labels can't fit into ret
      + CVE-2023-38470
    - SECURITY UPDATE: Reachable assertions exist in server functions in
      avahi-core
      + debian/patches/CVE-2023-38471-2.patch: core: return errors from
        avahi_server_set_host_name properly
      + CVE-2023-38471
  * Dropped changes, no longer needed:
    - Disable lto, see https://bugzilla.redhat.com/show_bug.cgi?id=1907727
      [Fixed in 0.8-16]

avahi (0.8-16) unstable; urgency=medium

  * Stop using embedded copy of sd-daemon.{c,h} and use libsystemd instead.
    Fixes build failures with LTO enabled.
    This adds a Build-Depends on libsystemd-dev on linux-any.
    Patch cherry-picked from upstream Git.

avahi (0.8-15) unstable; urgency=medium

  * Fix "Invalid service type" failures using an upstream patch.
    The initial patch to address 'avahi-browse -a breaks with "Invalid service
    type" if a device sends a malformed service' that was applied to Debian
    was not accepted upstream but solved differently. Use that upstream patch
    instead.
  * Remove inactive Maintainers from Uploaders.
    Thanks Loic and Sebastian!
  * Add Origin metadata according to DEP-3 for patches that have been cherry
    picked

 -- Mateus Rodrigues de Morais <mateus.morais at canonical.com>  Tue, 18
Feb 2025 16:22:58 -0300

** Changed in: avahi (Ubuntu)
       Status: Fix Committed => Fix Released

** Bug watch added: Red Hat Bugzilla #1907727
   https://bugzilla.redhat.com/show_bug.cgi?id=1907727

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-38470

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-38471

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to avahi in Ubuntu.
https://bugs.launchpad.net/bugs/2098794

Title:
  Please merge 0.8-16 into plucky

Status in avahi package in Ubuntu:
  Fix Released

Bug description:
  The upstream version 0.8-16 should be merged into plucky. The current
  version is 0.8-14ubuntu1.

  * PPA for review: https://launchpad.net/~mateus-
  morais/+archive/ubuntu/plucky-merges

  Note: this is a tracking bug

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/2098794/+subscriptions

More information about the foundations-bugs mailing list