28 lines
1.1 KiB
Plaintext
28 lines
1.1 KiB
Plaintext
<patchinfo>
|
|
<!-- generated from request(s) 340505 -->
|
|
<issue tracker="bnc" id="1216594">VUL-0: CVE-2023-38471: avahi: Reachable assertion in dbus_set_host_name</issue>
|
|
<issue tracker="bnc" id="1216598">VUL-0: CVE-2023-38469: avahi: CVEs assigned for reachable assertions in avahi</issue>
|
|
<issue tracker="bnc" id="1226586">avahi-browse -a fails with "Invalid service type"</issue>
|
|
<issue tracker="cve" id="2023-38469"/>
|
|
<issue tracker="cve" id="2023-38471"/>
|
|
<packager>mgorse</packager>
|
|
<rating>moderate</rating>
|
|
<category>security</category>
|
|
<summary>Security update for avahi</summary>
|
|
<description>This update for avahi fixes the following issues:
|
|
|
|
Security issues fixed:
|
|
|
|
- CVE-2023-38471: Extract host name using avahi_unescape_label (bsc#1216594).
|
|
- CVE-2023-38469: Reject overly long TXT resource records (bsc#1216598).
|
|
|
|
Non-security issue fixed:
|
|
|
|
- no longer supply bogus services to callbacks (bsc#1226586).
|
|
</description>
|
|
<package>avahi</package>
|
|
<package>avahi:glib2</package>
|
|
<package>avahi:qt5</package>
|
|
<seperate_build_arch/>
|
|
</patchinfo>
|