Back to minissdpd PTS page

Accepted minissdpd 1.2.20130907-3.2 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted minissdpd 1.2.20130907-3.2 (source) into unstable
From: James Cowgill <jcowgill@debian.org>
Date: Mon, 24 Oct 2016 23:01:32 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1byoFI-00054Y-3N@franck.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 24 Oct 2016 08:54:59 +0100
Source: minissdpd
Binary: minissdpd
Architecture: source
Version: 1.2.20130907-3.2
Distribution: unstable
Urgency: high
Maintainer: Thomas Goirand <zigo@debian.org>
Changed-By: James Cowgill <jcowgill@debian.org>
Description:
 minissdpd  - keep memory of all UPnP devices that announced themselves
Closes: 816759
Changes:
 minissdpd (1.2.20130907-3.2) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2016-3178 and CVE-2016-3179. (Closes: #816759)
     The minissdpd daemon contains a improper validation of array index
     vulnerability (CWE-129) when processing requests sent to the Unix
     socket at /var/run/minissdpd.sock the Unix socket can be accessed
     by an unprivileged user to send invalid request causes an
     out-of-bounds memory access that crashes the minissdpd daemon.
Checksums-Sha1:
 9faacd5cfd6b605f095608acdf190ae5aaff15cd 1901 minissdpd_1.2.20130907-3.2.dsc
 238e91135a0b6902087220567550aaf5ee1b3538 6612 minissdpd_1.2.20130907-3.2.debian.tar.xz
Checksums-Sha256:
 38985689119f7463b9f0715efc14e2a04752be7c34ecf0af0974f7b172cbc619 1901 minissdpd_1.2.20130907-3.2.dsc
 95a6d6c9265d0b67acd5dc97d4512195a846ec93da58de2ad66f0bb429bf3ab9 6612 minissdpd_1.2.20130907-3.2.debian.tar.xz
Files:
 fdba319ce4396886e263c5523a24c239 1901 net optional minissdpd_1.2.20130907-3.2.dsc
 4b3a6c7ee7ce6b9f740de05014cdc642 6612 net optional minissdpd_1.2.20130907-3.2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJYDn7lAAoJEMfxZ23qLQHvX/wQAKpXbyzD2ywgl5ZeAarEwJYx
y2WHvChFhdAypNqQ11o4FS3WsIyxAYTg0fVKoAcQ44JEbBDSpAPitUIWf7u9nyow
X6KhKF4/msdD/RiwpLePAxmOFL+spsy7nBdFwbXUe2fjCv56hsZcK+dD+pbUtzmj
vXeAtYc3JZ711li6HRno2lZcA/fZkOg9jDIJ60ncz87LlR0TeQpOwmKhbsHa0egf
21uHZoBZvTxIFGe3CVIC74r3eKW1vbAznF7uvQyy3QjXK1HM/yqverE+F35HYywi
ii4rSE2FbTTSJYkFoZI1N3u1x4fVFB3Qpkp8Ti//YoARUZsCOBORHdyiW7VFIyRV
AIrGVUTU3bCGm66bYMYXa/4lsBNmkv7zp05S8kpRgDs/BkoXmehNUwuueDhFCNR7
LVHAIcF8mai3N3sg/2i7vVBDsl+GczvA+sCR2f3YkF53gcFQDC0mLsxO86K74DmV
qeZ/LXJFIWhHqFab+5vvYRE9kwdMtQmMUfxEn5SKX4uvjFnDGtBODgeM5gFL89pm
p2n7JfpAgRFgb3JoZqhBXCn4DC+/aOF1tW27whzqPdjjX836BMcL01IqTNRTgfzU
yaKSMPHy9zPzzh2JN6hhXwURouk5HRLNlMujTwu0Dww3P79NcPH4pgwo5HADT4/c
Bi3tCA9555QTKtm092Js
=pda3
-----END PGP SIGNATURE-----