Summary: | <net-dns/avahi-0.7-r2: Multicast DNS responds to unicast queries outside of local network (CVE-2017-6519) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Andrey Ovcharov <sudormrfhalt> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | blueness |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://nvd.nist.gov/vuln/detail/CVE-2017-6519 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Andrey Ovcharov
2017-08-04 01:44:47 UTC
Upstream Bug: https://github.com/lathiat/avahi/issues/145 Update: "Drop legacy unicast queries from address not on local link" https://github.com/lathiat/avahi/commit/e111def44a7df4624a4aa3f85fe98054bffb6b4f https://github.com/lathiat/avahi/compare/v0.7...master net-dns/avahi: | a | | | m | | | d x | | | 6 8 | | | 4 6 | u | | a a a p s | | | n | | l m r i p h m s p f m f | e u s | r | p d a m a p c x p 6 3 a b i b | a s l | e | h 6 r 6 6 p 6 8 p 8 9 s r s p s | p e o | p | a 4 m 4 4 c 4 6 a k 0 h c d s d | i d t | o ----------+---------------------------------+-------+------- 0.6.32 | o o o o o o o o + o o o o o o o | 5 # 0 | gentoo 0.7-r1 | + + + + + + + + + o + o + ~ ~ o | 6 o | gentoo 0.7-r2 | ~ ~ ~ ~ ~ ~ ~ ~ ~ o ~ o ~ ~ ~ o | 6 o | gentoo Seems bug 635418 closes this one also. (In reply to D'juan McDonald (domhnall) from comment #2) > Update: "Drop legacy unicast queries from address not on local link" > > https://github.com/lathiat/avahi/commit/ > e111def44a7df4624a4aa3f85fe98054bffb6b4f > https://github.com/lathiat/avahi/compare/v0.7...master > > > net-dns/avahi: > | a | | > | m | | > | d x | | > | 6 8 | | > | 4 6 | u | > | a a a p s | | | n | > | l m r i p h m s p f m f | e u s | r > | p d a m a p c x p 6 3 a b i b | a s l | e > | h 6 r 6 6 p 6 8 p 8 9 s r s p s | p e o | p > | a 4 m 4 4 c 4 6 a k 0 h c d s d | i d t | o > ----------+---------------------------------+-------+------- > 0.6.32 | o o o o o o o o + o o o o o o o | 5 # 0 | gentoo > 0.7-r1 | + + + + + + + + + o + o + ~ ~ o | 6 o | gentoo > 0.7-r2 | ~ ~ ~ ~ ~ ~ ~ ~ ~ o ~ o ~ ~ ~ o | 6 o | gentoo > > Seems bug 635418 closes this one also. How so? 33 commits made to master since the 0.7 release. No patches in the tree address this... I added it to the tree. Was fixed in 0.7-r2, tree is clean now. Setting to [glsa?]. GLSA Vote: No Thank you all for you work. Closing as [noglsa]. |