[ubuntu/resolute-proposed] avahi 0.8-17ubuntu1 (Accepted)

Ural Tunaboyu ural.tunaboyu at canonical.com
Tue Dec 9 20:24:21 UTC 2025 

avahi (0.8-17ubuntu1) resolute; urgency=medium

  * Merge with Debian unstable (LP: #2130121). Remaining changes:
    - avahi-daemon-chroot-fix-bogus-assignments-in-assertions.patch,
      avahi-client-fix-resource-leak.patch: Issues discovered by static
      analysis (Upstream pull request #202)
    - SECURITY UPDATE: Reachable assertions exist in domain functions in
      avahi-common
      + debian/patches/CVE-2023-38470-2.patch: bail out when escaped
        labels can't fit into ret
      + CVE-2023-38470
    - SECURITY UPDATE: Reachable assertions exist in server functions in
      avahi-core
      + debian/patches/CVE-2023-38471-2.patch: core: return errors from
        avahi_server_set_host_name properly
      + CVE-2023-38471
  * Dropped changes applied upstream:
    - d/t/local-resolve-service: Add non-superficial DEP-8 test, which validates
      resolving of mDNS .local domains and service discovery. (LP #2103699)

avahi (0.8-17) unstable; urgency=medium

  * Team upload

  [ Lukas Märdian ]
  * d/t/local-resolve-service: Add non-superficial DEP-8 test, which
    validates resolving of mDNS .local domains and service discovery

  [ Simon McVittie ]
  * d/control: Build-depend on gobject-introspection, gir1.2-*-dev.
    libgirepository1.0-dev is non-multiarch-friendly and should be phased
    out during the forky cycle.
  * Add patch from upstream 0.9-rc2 to turn off wide-area by default.
    (Mitigates: CVE-2024-52615, CVE-2024-52616, #1088110, #1088111)
  * Standards-Version: 4.7.2 (no changes required)

Date: Tue, 02 Dec 2025 16:15:49 -0800
Changed-By: Ural Tunaboyu <ural.tunaboyu at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Sebastien Bacher <sebastien.bacher at canonical.com>
https://launchpad.net/ubuntu/+source/avahi/0.8-17ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 02 Dec 2025 16:15:49 -0800
Source: avahi
Built-For-Profiles: noudeb
Architecture: source
Version: 0.8-17ubuntu1
Distribution: resolute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Ural Tunaboyu <ural.tunaboyu at canonical.com>
Launchpad-Bugs-Fixed: 2130121
Changes:
 avahi (0.8-17ubuntu1) resolute; urgency=medium
 .
   * Merge with Debian unstable (LP: #2130121). Remaining changes:
     - avahi-daemon-chroot-fix-bogus-assignments-in-assertions.patch,
       avahi-client-fix-resource-leak.patch: Issues discovered by static
       analysis (Upstream pull request #202)
     - SECURITY UPDATE: Reachable assertions exist in domain functions in
       avahi-common
       + debian/patches/CVE-2023-38470-2.patch: bail out when escaped
         labels can't fit into ret
       + CVE-2023-38470
     - SECURITY UPDATE: Reachable assertions exist in server functions in
       avahi-core
       + debian/patches/CVE-2023-38471-2.patch: core: return errors from
         avahi_server_set_host_name properly
       + CVE-2023-38471
   * Dropped changes applied upstream:
     - d/t/local-resolve-service: Add non-superficial DEP-8 test, which validates
       resolving of mDNS .local domains and service discovery. (LP #2103699)
 .
 avahi (0.8-17) unstable; urgency=medium
 .
   * Team upload
 .
   [ Lukas Märdian ]
   * d/t/local-resolve-service: Add non-superficial DEP-8 test, which
     validates resolving of mDNS .local domains and service discovery
 .
   [ Simon McVittie ]
   * d/control: Build-depend on gobject-introspection, gir1.2-*-dev.
     libgirepository1.0-dev is non-multiarch-friendly and should be phased
     out during the forky cycle.
   * Add patch from upstream 0.9-rc2 to turn off wide-area by default.
     (Mitigates: CVE-2024-52615, CVE-2024-52616, #1088110, #1088111)
   * Standards-Version: 4.7.2 (no changes required)
Checksums-Sha1:
 5f66d469e0882dd444ef07f8319cd26044117d30 4167 avahi_0.8-17ubuntu1.dsc
 5c8d12c5ed7aafde1945921d36d6077b76e71538 60036 avahi_0.8-17ubuntu1.debian.tar.xz
 857c0b621a88310a8acbd5973133172981771f35 21065 avahi_0.8-17ubuntu1_source.buildinfo
Checksums-Sha256:
 b335b83a434ae84f7a4cd5683fafda49e154d58216bd7fddf6b3dd51b2ed2a0b 4167 avahi_0.8-17ubuntu1.dsc
 976be194e65fbb5c8a5fc2198740793ac906c2f3d808dfe5c023ae3ed9415c21 60036 avahi_0.8-17ubuntu1.debian.tar.xz
 4496ac0b3454c3ea0330147c8cd2d96ba6f90ead21a89818dd5e354b4cb0f1fa 21065 avahi_0.8-17ubuntu1_source.buildinfo
Files:
 14055e223e3340cc831de2ed9a8e4125 4167 net optional avahi_0.8-17ubuntu1.dsc
 6cf374d7da811b92982a8a9bc011eb09 60036 net optional avahi_0.8-17ubuntu1.debian.tar.xz
 f8e6ae294f46ebbb516708f65705188f 21065 net optional avahi_0.8-17ubuntu1_source.buildinfo
Original-Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers at lists.alioth.debian.org>
Vcs-Git: https://git.launchpad.net/~uralt/ubuntu/+source/avahi
Vcs-Git-Commit: ece3f0166d4e2e55ce62d24a00cbbf32671f3b14
Vcs-Git-Ref: refs/heads/merge-lp2130121-resolute

More information about the Resolute-changes mailing list