Adding patchinfo patchinfo.20240821152930070909.269002615871826

2024-09-05 15:34:14 +02:00 · 2024-09-05 15:34:14 +02:00 · a3c62c3611
commit a3c62c3611
parent bc42544d14
2 changed files with 28 additions and 1 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit afc3ad3befb3224775ea136a69c1cdf75cf91613
+Subproject commit 5f57cbe813e4266eb349effa44dbd1129b48ee17
--- a/patchinfo.20240821152930070909.269002615871826/_patchinfo
+++ b/patchinfo.20240821152930070909.269002615871826/_patchinfo
@ -0,0 +1,27 @@
+<patchinfo>
+  <!-- generated from request(s) 340505 -->
+  <issue tracker="bnc" id="1216594">VUL-0: CVE-2023-38471: avahi: Reachable assertion in dbus_set_host_name</issue>
+  <issue tracker="bnc" id="1216598">VUL-0: CVE-2023-38469: avahi: CVEs assigned for reachable assertions in avahi</issue>
+  <issue tracker="bnc" id="1226586">avahi-browse -a fails with "Invalid service type"</issue>
+  <issue tracker="cve" id="2023-38469"/>
+  <issue tracker="cve" id="2023-38471"/>
+  <packager>mgorse</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for avahi</summary>
+  <description>This update for avahi fixes the following issues:
+
+Security issues fixed:
+
+- CVE-2023-38471: Extract host name using avahi_unescape_label (bsc#1216594).
+- CVE-2023-38469: Reject overly long TXT resource records (bsc#1216598).
+
+Non-security issue fixed:
+
+- no longer supply bogus services to callbacks (bsc#1226586).
+</description>
+  <package>avahi</package>
+  <package>avahi:glib2</package>
+  <package>avahi:qt5</package>
+  <seperate_build_arch/>
+</patchinfo>