-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 24 Oct 2016 22:46:46 +0100 Source: minissdpd Binary: minissdpd Architecture: source Version: 1.2.20130907-3+deb8u1 Distribution: jessie Urgency: high Maintainer: Thomas Goirand <zigo@debian.org> Changed-By: James Cowgill <jcowgill@debian.org> Description: minissdpd - keep memory of all UPnP devices that announced themselves Closes: 816759 Changes: minissdpd (1.2.20130907-3+deb8u1) jessie; urgency=high . * Non-maintainer upload. * Fix CVE-2016-3178 and CVE-2016-3179. (Closes: #816759) The minissdpd daemon contains a improper validation of array index vulnerability (CWE-129) when processing requests sent to the Unix socket at /var/run/minissdpd.sock the Unix socket can be accessed by an unprivileged user to send invalid request causes an out-of-bounds memory access that crashes the minissdpd daemon. Checksums-Sha1: 1d4e123c34c7e3d23a1d61ead86f4be2dcfd4ecd 1912 minissdpd_1.2.20130907-3+deb8u1.dsc 515c45758c0e8220012c8687a60fefd1526ae7eb 6440 minissdpd_1.2.20130907-3+deb8u1.debian.tar.xz Checksums-Sha256: 2104bb177beee002212ea9fac5eafb848b666bdcda10b1cf6833e30dba395b41 1912 minissdpd_1.2.20130907-3+deb8u1.dsc 7fb1982fcb81b2d4eb62b1fff2ad43bdc24e52a59a5e8d743d966630d00e61db 6440 minissdpd_1.2.20130907-3+deb8u1.debian.tar.xz Files: bafcb48b4c6d0f6bc69716a2aabc7ee0 1912 net optional minissdpd_1.2.20130907-3+deb8u1.dsc 134860e3a3a12933aa9f2198ab666098 6440 net optional minissdpd_1.2.20130907-3+deb8u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJYGK9vAAoJEMfxZ23qLQHvw50QAIJOvs9LdZJnXS4scrWyxQft Lc8EO1M6OszA6GVB1GuQdZb0YQNFBIB5Pi2Lnqw6TI3Rv40SFrSfRy876fPGk+TS 5aR1ChzksDcDWsuFje2QYVdxhkZ4w5j6v9iIYrUpmXwuY7oa5+5f6VF1O4gxGVVT oWwJGw0HRAKyY2M8qwa0tZIcE7JeNBrv7/qjM+2IJDdwclMPGGjy/RE8yKGz7DyK YfQ11Z0uIELwT7tnHZq9LF61w1BpUIV3Iibs3TgLdmtJTJdjoxqcBf2yAO6T8aCa yA/P8uPNNmgFvxaC2tn3cfwzmmnep+15Gl6aBcDAdEw/R0kZ4CAAyfxl9ScLuVg6 fhsVGcH48AcdLQDod0XRQKFMKQMj1mnSe2b2P3eqIZHWw9r4cpe3MmMc0RGACSVF oGfvX5ANF6xylg+23mnvF6PhOkjEkQ6NVTS39j7ycBajwTnXyUA0AYtAq2vBfHJH hsRiC7ZiEmmlvKDKexySUlPu9YmfwGeewDBNCJXTnDDMlUOqtiPPEClvtQYaSDCk s/csE+7ceIXIH0lAb9yh8usA/d3XX4NzFamw4TSeyPXXctFYgDz+HhvjM4HF9Tak OT131qfyKIaLPwFMkDk6c7T0GwxIduLd/RKRPwt3oQXBqaKEmKDBagEjVRkO78OO T4ZVSaD34S+C9Tlfedch =nQVr -----END PGP SIGNATURE-----