-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 23 Jul 2013 11:16:15 +0800
Source: miniupnpd
Binary: miniupnpd
Architecture: source amd64
Version: 1.8.20130730-1
Distribution: unstable
Urgency: low
Maintainer: Thomas Goirand <zigo@debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description:
 miniupnpd - daemon providing UPnP Internet Gateway Device (IGD) services
Closes: 686287 686537 716936
Changes:
 miniupnpd (1.8.20130730-1) unstable; urgency=low
 .
   * Uploading to unstable.
   * New upstream release fixing CVE-2013-2600: MiniUPnPd versions 1.8 and
     earlier are prone to an information disclosure vulnerability due to
     improper use of snprintf() while preparing SSDP responses. An attacker
     can exploit this vulnerability by sending a crafted request with a long
     ST header. If the header is long enough, the SSDP response buffer will
     be truncated by snprintf() and the subsequent sendto() call will read
     off the end of the buffer thereby disclosing the contents of adjacent
     memory. This response can reveal details of internal network topology
     as well as other activity on the target network. Fix at:
 .
     https://github.com/miniupnp/miniupnp/commit/18887cb1e49295e69c308d8bb1f2526798a77429
 .
     Correctly handle truncated snprintf() in SSDP code (Closes: #716936,
     #686537).
   * Now packaging using pristine-tar git-import-orig.
   * Added new IPv6 rules in the init script, and its configuration through
     debconf (Closes: #686287).
   * Fixed the clean process.
   * Removes now obsolete patches.
   * Build-Depends on libnfnetlink-dev.
   * Standards-Version: 3.9.4.
   * Canonical URLs for VCS fields.
Checksums-Sha1:
 ad27cb1d02837cf2697a4c71fc10bfd2a1233ff5 1292 miniupnpd_1.8.20130730-1.dsc
 32eed969a6c653d6d5ccd236ee50275c933d020e 149904 miniupnpd_1.8.20130730.orig.tar.gz
 8a8e717ebfa7d17ec725ed5966b458361ce6cf32 8872 miniupnpd_1.8.20130730-1.debian.tar.xz
 ce9841a2b27d6a2858f18bd4fc38ec1466261cd5 67800 miniupnpd_1.8.20130730-1_amd64.deb
Checksums-Sha256:
 65f02c3cc4053800cd27fac1c8419df092511044bd86da293091c41f62e12011 1292 miniupnpd_1.8.20130730-1.dsc
 919ab6ec719959fff9bdae3f1d83f6a39c43fa4a6d3f2c48077f43729d3d7d43 149904 miniupnpd_1.8.20130730.orig.tar.gz
 f3927fa607bc14c4e96be777000449d58ed219f63a7d614d283d95dc8bfa77eb 8872 miniupnpd_1.8.20130730-1.debian.tar.xz
 dfbc044c32952f62cdc33a0651136a47b2b1671fced3106d26ca46683fd4cc85 67800 miniupnpd_1.8.20130730-1_amd64.deb
Files:
 4b24103d02e186b60ce1594fc7a17343 1292 net optional miniupnpd_1.8.20130730-1.dsc
 5d0789e920a1b1160b04738c13e84e6a 149904 net optional miniupnpd_1.8.20130730.orig.tar.gz
 0114836bb9c5fa440f5100f1f37c2fd8 8872 net optional miniupnpd_1.8.20130730-1.debian.tar.xz
 bad2ba5fc85ac0fa97cac2cec7f033bf 67800 net optional miniupnpd_1.8.20130730-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iEYEARECAAYFAlH64YEACgkQl4M9yZjvmkkHFACfc3y5YTAyWvU4FCfy4Cb8RGAn
qmMAnjqcUZZgWFuPhT4OiKqwyPVxorKl
=xSqY
-----END PGP SIGNATURE-----
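
The snprintf() truncation behaviour described in the CVE-2013-2600 changelog entry above, as an added C example (it is not MiniUPnPd's code and not the content of the referenced commit). It shows why snprintf()'s return value cannot be used unchecked as a send length, next to one way of checking it; the template `REPLY_FMT`, both function names and the 64-byte buffer are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed reply template; not MiniUPnPd's actual response text. */
#define REPLY_FMT "HTTP/1.1 200 OK\r\nST: %s\r\nEXT:\r\n\r\n"

/* Flawed pattern: trusts snprintf()'s return value as the byte count.
 * On truncation snprintf() returns the length the full string WOULD have
 * had, which can exceed bufsz. Passing that to sendto() over-reads buf. */
int naive_reply_len(char *buf, size_t bufsz, const char *st)
{
    return snprintf(buf, bufsz, REPLY_FMT, st);
}

/* Checked pattern: reject encoding errors and truncation, so the returned
 * length never exceeds what was actually written into buf. */
int checked_reply_len(char *buf, size_t bufsz, const char *st)
{
    int n = snprintf(buf, bufsz, REPLY_FMT, st);
    if (n < 0 || (size_t)n >= bufsz)
        return -1;              /* caller drops the request, sends nothing */
    return n;
}

int main(void)
{
    char buf[64];
    char long_st[201];

    memset(long_st, 'A', sizeof(long_st) - 1);   /* constructed oversized ST */
    long_st[sizeof(long_st) - 1] = '\0';

    printf("buffer size         : %zu\n", sizeof(buf));
    printf("naive len, short ST : %d\n", naive_reply_len(buf, sizeof(buf), "upnp:rootdevice"));
    printf("naive len, long ST  : %d\n", naive_reply_len(buf, sizeof(buf), long_st));
    printf("checked, short ST   : %d\n", checked_reply_len(buf, sizeof(buf), "upnp:rootdevice"));
    printf("checked, long ST    : %d\n", checked_reply_len(buf, sizeof(buf), long_st));
    return 0;
}
```

The example rejects a truncated reply outright; clamping the length to what was actually written is another option.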