maintainer-feedback requested: [Bug 291860] net/avahi-app: vulnerable to CVE-2025-59529
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 291860] net/avahi-app: vulnerable to CVE-2025-59529"
Date: Sun, 21 Dec 2025 17:43:30 UTC
Bugzilla Automation <bugzilla@FreeBSD.org> has asked freebsd-desktop (Team) <desktop@FreeBSD.org> for maintainer-feedback:

Bug 291860: net/avahi-app: vulnerable to CVE-2025-59529
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291860

--- Description ---

0.8 is vulnerable to:

CVE-2025-59529 - simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS

For more information please read: https://github.com/avahi/avahi/security/advisories/GHSA-73wf-3xmj-x82q

However, `0.9` has not been released yet, and the only patched version is `0.9-rc2`. The patch could be cherry-picked and applied to the port; however, due to this being a moderate CVE which is local-only, and is a denial of service, it really doesn't seem to be a big deal.

Nevertheless, I have created an issue to track this. I have also attached a vuxml for the CVE.