Am 19.12.24 um 08:24 schrieb Adrian Bunk:
Package: release.debian.org
Severity: normal
Tags: bookworm moreinfo
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: security@debian.org, Michael Biebl <biebl@debian.org>, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
* core: make sure there is rdata to process before parsing it.
Patch cherry-picked from upstream Git.
(CVE-2023-38472, Closes: #1054879)
* core: reject overly long TXT resource records.
Patches cherry-picked from upstream Git.
(CVE-2023-38469, Closes: #1054876)
* Ensure each label is at least one byte long.
Patch cherry-picked from upstream Git.
(CVE-2023-38470, Closes: #1054877)
* core: extract host name using avahi_unescape_label()
Patch cherry-picked from upstream Git.
(CVE-2023-38471, Closes: #1054878)
* common: derive alternative host name from its unescaped version.
Patch cherry-picked from upstream Git.
(CVE-2023-38473, Closes: #1054880)
* Fix browsing when invalid services present.
See https://github.com/lathiat/avahi/issues/212
Tagged moreinfo for two reasons:
1. This is work done by Michael Biebl, it would be fine for me
to close this request for a maintainer upload.
The debdiff looks good to me. Thanks for preparing it. Since you've already done the work, I'm fine with the pu as-is and I would just import the NMU into a debian/bookworm branch in salsa.
Michael
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature