SUSE_ALP_Standard/patchinfo.20240821152930070909.269002615871826/_patchinfo

28 lines
1.1 KiB
Plaintext

<patchinfo>
<!-- generated from request(s) 340505 -->
<issue tracker="bnc" id="1216594">VUL-0: CVE-2023-38471: avahi: Reachable assertion in dbus_set_host_name</issue>
<issue tracker="bnc" id="1216598">VUL-0: CVE-2023-38469: avahi: CVEs assigned for reachable assertions in avahi</issue>
<issue tracker="bnc" id="1226586">avahi-browse -a fails with "Invalid service type"</issue>
<issue tracker="cve" id="2023-38469"/>
<issue tracker="cve" id="2023-38471"/>
<packager>mgorse</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for avahi</summary>
<description>This update for avahi fixes the following issues:
Security issues fixed:
- CVE-2023-38471: Extract host name using avahi_unescape_label (bsc#1216594).
- CVE-2023-38469: Reject overly long TXT resource records (bsc#1216598).
Non-security issue fixed:
- no longer supply bogus services to callbacks (bsc#1226586).
</description>
<package>avahi</package>
<package>avahi:glib2</package>
<package>avahi:qt5</package>
<seperate_build_arch/>
</patchinfo>