[ubuntu/saucy-proposed] miniupnpd 1.8.20130730-1 (Accepted)
Jeremy Bicha
jbicha at ubuntu.com
Fri Aug 16 02:49:36 UTC 2013
miniupnpd (1.8.20130730-1) unstable; urgency=low
* Uploading to unstable.
* New upstream release fixing CVE-2013-2600: MiniUPnPd versions 1.8 and
earlier are prone to an information disclosure vulnerability due to
improper use of snprintf() while preparing SSDP responses. An attacker can
exploit this vulnerability by sending a crafted request with a long ST
header. If the header is long enough, the SSDP response buffer will be
truncated by snprintf() and the subsequent sendto() call will read off the
end of the buffer thereby disclosing the contents of adjacent memory. This
response can reveal details of internal network topology as well as other
activity on the target network. Fix at:
.
https://github.com/miniupnp/miniupnp/commit/18887cb1e49295e69c308d8bb1f2526798a77429
.
Correctly handle truncated snprintf() in SSDP code (Closes: #716936,
#686537).
* Now packaging using pristine-tar git-import-orig.
* Added new IPv6 rules in the init script, and its configuration through
debconf (Closes: #686287).
* Fixed the clean process.
* Removes now obsolete patches.
* Build-Depends on libnfnetlink-dev.
* Standards-Version: 3.9.4.
* Canonical URLs for VCS feilds.
Date: 2013-08-15 22:20:51.165202+00:00
Signed-By: Jeremy Bicha <jbicha at ubuntu.com>
https://launchpad.net/ubuntu/saucy/+source/miniupnpd/1.8.20130730-1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Saucy-changes
mailing list