Accepted minissdpd 1.1.20120121-1+deb7u1 (source i386) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 28 Mar 2016 12:03:02 +0100
Source: minissdpd
Binary: minissdpd
Architecture: source i386
Version: 1.1.20120121-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Thomas Goirand <zigo@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
minissdpd - keep memory of all UPnP devices that announced themselves
Changes:
minissdpd (1.1.20120121-1+deb7u1) wheezy-security; urgency=high
.
* Non-maintainer upload by the Wheezy LTS Team.
* patch for CVE-2016-3178 + CVE-2016-3179
The minissdpd daemon contains a improper validation of array index
vulnerability (CWE-129) when processing requests sent to the Unix
socket at /var/run/minissdpd.sock the Unix socket can be accessed
by an unprivileged user to send invalid request causes an
out-of-bounds memory access that crashes the minissdpd daemon.
Checksums-Sha1:
b1715ea284baedabe63c714e9025b55f7f13237e 2011 minissdpd_1.1.20120121-1+deb7u1.dsc
540665702a17ca5de304929c921988b7c940091d 17762 minissdpd_1.1.20120121.orig.tar.gz
a1c2877dae708201d46a0cdd4b006b34d335d370 6257 minissdpd_1.1.20120121-1+deb7u1.debian.tar.gz
eb7d201578442960de3ae2d7291fcf76d9e0aef7 17222 minissdpd_1.1.20120121-1+deb7u1_i386.deb
Checksums-Sha256:
c56a1871c514d7edc29eaa1df8b91c0bff65ece098abb5853d8ac3b1fe23af64 2011 minissdpd_1.1.20120121-1+deb7u1.dsc
a404599e6884d246524b0139c80cf4997ff2dcf0525163514e8c960f573be636 17762 minissdpd_1.1.20120121.orig.tar.gz
f41bb3569fe9142c41450d71c0986a8424011afedc1e876b6d5242ae7614898c 6257 minissdpd_1.1.20120121-1+deb7u1.debian.tar.gz
aa532a3347d49f6bbc4476c0bb1c66b03620734d16a050b615715bb7f12e6198 17222 minissdpd_1.1.20120121-1+deb7u1_i386.deb
Files:
1f6472997abc6f54592de1331a457f0a 2011 net optional minissdpd_1.1.20120121-1+deb7u1.dsc
0e7eab6b9a30eeddea18aae30fe9fd0a 17762 net optional minissdpd_1.1.20120121.orig.tar.gz
d868b58810eda816ffb94e3e276462dc 6257 net optional minissdpd_1.1.20120121-1+deb7u1.debian.tar.gz
151875a57848296373a0fdc22ee004b8 17222 net optional minissdpd_1.1.20120121-1+deb7u1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQJ8BAEBCgBmBQJXKONXXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHVjUP/RH5ObyZ67QJ+gs5ZvRIAWbt
QPx74MLwMXfZXNhHXt9g1DUMSFGscDzwJbcEKhY3wtToQapmQY9vlb4OXhTKSkqk
aMrKBPxL/nvprYzplR4P6++NLw/CeifW3f5jFEYgY6KXV4ZhEZzn3xdTPYUxTvLb
SX54Kf0dKvHj32WXSadMxUrAdC6pON/clQXeOq2LjvoK5dVB11SSFl/1Y/G2Qr8e
X7wIuILrZ95zrvGfbPAT9kT8N4WT7EKfKpVGO6BzETTog4j3zpgSWVh+iaWAUxeO
sp+IxK14iCvbrsBR0R17dzfBismwi+UCslNuq2O1MEMATSOUb+jZZosdABQhroeH
Vvo+RRDWPvFS7hgTwFmJIn3xn5jh6Q6S4j5YjbcYeQE8iGzIKsH5gXUSUNomQvYM
9fPz3kJMhkLYhKPBJcHvrtSXCGfMncFOdY9eJPe30jRiROuOwKkluIuaaKf8GX5x
InxZPGvkBtTgt7OWyHHslSX9fCqxzfu9F1uXDIgYvLgoBpLO6b6+GkLzdKcRphWo
Pgs+pFscFm6/T5jJVr0t2iIgxJOP4RLx495gZZ7AsixuzDXEJmsdE7LTuhJA9QBx
SR3Pa1ObVsWVxmNCuzqSE+bT1lpJGh3jscDbF48YWdYdNZw4nHPmtUTct3/OQHi+
jObvo8vNP7ioX8Y8p0rE
=f1hn
-----END PGP SIGNATURE-----