[ubuntu/saucy-proposed] miniupnpd 1.8.20130730-1 (Accepted)

Fri Aug 16 02:49:36 UTC 2013

miniupnpd (1.8.20130730-1) unstable; urgency=low

  * Uploading to unstable.
  * New upstream release fixing CVE-2013-2600: MiniUPnPd versions 1.8 and
    earlier are prone to an information disclosure vulnerability due to
    improper use of snprintf() while preparing SSDP responses. An attacker can
    exploit this vulnerability by sending a crafted request with a long ST
    header. If the header is long enough, the SSDP response buffer will be
    truncated by snprintf() and the subsequent sendto() call will read off the
    end of the buffer thereby disclosing the contents of adjacent memory. This
    response can reveal details of internal network topology as well as other
    activity on the target network. Fix at:
    .
    https://github.com/miniupnp/miniupnp/commit/18887cb1e49295e69c308d8bb1f2526798a77429
    .
    Correctly handle truncated snprintf() in SSDP code (Closes: #716936,
    #686537).
  * Now packaging using pristine-tar git-import-orig.
  * Added new IPv6 rules in the init script, and its configuration through
    debconf (Closes: #686287).
  * Fixed the clean process.
  * Removes now obsolete patches.
  * Build-Depends on libnfnetlink-dev.
  * Standards-Version: 3.9.4.
  * Canonical URLs for VCS feilds.

Date: 2013-08-15 22:20:51.165202+00:00
Signed-By: Jeremy Bicha <jbicha at ubuntu.com>
https://launchpad.net/ubuntu/saucy/+source/miniupnpd/1.8.20130730-1
-------------- next part --------------
Sorry, changesfile not available.