Format: 1.8
Date: Mon, 28 Mar 2016 12:03:02 +0100
Source: minissdpd
Binary: minissdpd
Architecture: source i386
Version: 1.1.20120121-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Thomas Goirand <zigo@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 minissdpd - keep memory of all UPnP devices that announced themselves
Changes:
 minissdpd (1.1.20120121-1+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Wheezy LTS Team.
   * patch for CVE-2016-3178 + CVE-2016-3179
     The minissdpd daemon contains an improper validation of array index
     vulnerability (CWE-129) when processing requests sent to the Unix
     socket at /var/run/minissdpd.sock. The Unix socket can be accessed by
     an unprivileged user to send an invalid request that causes an
     out-of-bounds memory access that crashes the minissdpd daemon.