lp:ubuntu/dapper-updates/avahi
- Get this branch:
- bzr branch lp:ubuntu/dapper-updates/avahi
Branch merges
Branch information
Recent revisions
- 40. By Jamie Strandboge
-
* SECURITY UPDATE: denial of service via crafted mDNS packet
- debian/patches/ 80_CVE- 2008-5081. patch: verify port is > 0 in server.c
- CVE-2008-5081
* SECURITY UPDATE: denial of service via empty TXT record over dbus
- debian/patches/ 80_CVE- 2007-3372. patch: set k to empty string in
avahi_dbus_read_ strlst( ) if k in NULL and also check for size in
avahi_string_ list_add_ arbitrary( ) assert
- CVE-2007-3372 - 39. By Kees Cook
-
* SECURITY UPDATE: denial of service via malformed DNS reply.
* Add 'debian/patches/ ubuntu_ 02_endless- dns-loop. patch' from upstream
* References
CVE-2006-6870 - 38. By Martin Pitt
-
* debian/
patches/ ubuntu_ 01_netlink- ownership. patch:
- Previous patch broke operation with network-manager (the kernel sends
funny process IDs, and due to the dropped packets avahi's state gets
scrambled).
- Now verify the packet's user ID instead.
- Thanks to Trent Lloyd for the updated patch.
- Closes: LP#72728 - 37. By Kees Cook
-
* SECURITY UPDATE: all netlink packets were expected to be from the kernel,
which could lead to other local users manipulating Avahi, possibly
crashing the server or gaining Avahi user privileges.
* Add 'debian/patches/ ubuntu_ 01_netlink- ownership. patch' to verify packet
owner, as done in upstream CVS.
* References
CVE-2006-5461 - 36. By ZhengPeng Hou
-
Add kubuntu_
03_fix_ duplicate_ entries_ in_menu. patch
avahi-discover has two entries in menu, so add this
patch fix it . - 35. By Sebastian Dröge
-
* debian/
patches/ 02_avahi- sharp_processes _thread. patch:
+ Patch from upstream SVN:
- ensure the event loop is finished before freeing the poll object
- set Client.Handle to null immediately after freeing it
- fixes a segfault on Client.Dispose() - 34. By Sebastian Dröge
-
* New upstream release
+ SECURITY UPDATE: Fixes CVE-2006-2288 and CVE-2006-2289
* 03_cmsg_too_large. patch,
04_initscript_log_end_ msg.patch,
05_empty_service_ directory. patch,
06_cname_handling. patch,
07_avahi-sharp_missing_ lock.patch,
08_avahi-python_ regex_fix. patch:
- dropped, upstream now
* UVF Exception granted by Colin Watson - 33. By Sebastian Dröge
-
* 08_avahi-
python_ regex_fix. patch (SVN rev 1189):
+ Fix the regex in the ServiceTypeDatabase to also match on service types
with - in them like _sftp-ssh._tcp - 32. By Sebastian Dröge
-
* debian/
patches/ 07_avahi- sharp_missing_ lock.patch (SVN rev 1188):
+ Add a missing lock around the avahi_entry_group_add_ service_ strlst( )
call (Closes: Malone #37647) - 31. By Sebastian Dröge
-
* debian/
patches/ 06_cname_ handling. patch:
+ Fix CNAME handling in avahi (Closes: Malone #36642)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/avahi