gupnp - Debian Package Tracker

general

source: gupnp (main)
version: 1.2.4-1
maintainer: Debian GNOME Maintainers (archive) (DMD)
uploaders: Jeremy Bicha [DMD] – Laurent Bigonville [DMD]
arch: all any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.0.1-1
o-o-sec: 1.0.1-1+deb9u1
oldstable: 1.0.5-0+deb10u1
stable: 1.2.4-1
testing: 1.2.4-1
unstable: 1.2.4-1
exp: 1.2.7-1
NEW/experimental: 1.4.0-1

versioned links

1.0.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.1-1+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.5-0+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.7-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gir1.2-gupnp-1.2
libgupnp-1.2-0
libgupnp-1.2-dev
libgupnp-doc

action needed

A new upstream version is available: 1.2.7 high

A new upstream version 1.2.7 is available, you should consider packaging it.

Created: 2021-05-26 Last update: 2021-09-20 16:00

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2021-33516: An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.

Created: 2021-05-25 Last update: 2021-08-15 00:00

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2021-33516: An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.

Created: 2021-08-15 Last update: 2021-08-15 00:00

Depends on packages which need a new maintainer normal

The packages that gupnp depends on which need a new maintainer are:

docbook-xml (#802368)
- Build-Depends: docbook-xml
docbook-xsl (#802370)
- Build-Depends: docbook-xsl

Created: 2019-11-22 Last update: 2021-09-20 17:01

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.4.0-1, distribution experimental) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 449a1f6ffe110fece3242ee89613bd94872a6963
Author: Jeremy Bicha <jbicha@debian.org>
Date:   Sun Sep 19 17:37:52 2021 -0400

    releasing package gupnp version 1.4.0-1

commit e2716856e4622ff774fbb62f10cff143c7dfe373
Author: Jeremy Bicha <jbicha@debian.org>
Date:   Sun Sep 19 14:41:43 2021 -0400

    debian/libgupnp-1.2-1.symbols: Update

commit ab352d6612de1c59bd2f2240bd1aff6cc9a2eca3
Author: Jeremy Bicha <jbicha@debian.org>
Date:   Sun Sep 19 14:40:04 2021 -0400

    Rename libgupnp-1.2-0 to libgupnp-1.2-1 to match soname bump

commit 91b39e75284a0784a0832bcc6e7caf229e42f36c
Author: Jeremy Bicha <jbicha@debian.org>
Date:   Sun Sep 19 14:37:41 2021 -0400

    Bump Standards-Version to 4.6.0

commit dbeeff0c67012529d9e5473efe8919b541a78a5e
Author: Jeremy Bicha <jbicha@debian.org>
Date:   Sun Sep 19 14:34:45 2021 -0400

    debian/control.in: Bump minimum gssdp to 1.3.0

commit 625184eaaa003332650c782020fc49ffba9c12bc
Author: Jeremy Bicha <jbicha@debian.org>
Date:   Sat Sep 18 13:25:21 2021 -0400

    debian/rules: Simplify a bit
    
    -Wl,--as-needed is default since Bullseye
    execute_before saves a line of code
    export DPKG_GENSYMBOLS_CHECK_LEVEL = 4 saves a line of code

commit 39c5097dd0e3e9c445b33afce394f501079128be
Author: Jeremy Bicha <jbicha@debian.org>
Date:   Sat Sep 18 13:24:31 2021 -0400

    Bump debhelper-compat to 13
    
    dh_missing --fail-missing is default in dh13

commit 90d9a6924d07049fc9cf3a81f5402ac2cb87c894
Author: Jeremy Bicha <jbicha@debian.org>
Date:   Sat Sep 18 13:23:42 2021 -0400

    Build-Depend on dh-sequence-gir -gnome & -python3

commit 8090fe1d370d964735e83a840eaa5e4a101fef7c
Author: Jeremy Bicha <jbicha@debian.org>
Date:   Sun Sep 19 14:35:56 2021 -0400

    debian/docs: README -> README.md

commit 018a2e46cf3e0420f2f7085d2b17b3db1b0ad140
Author: Jeremy Bicha <jbicha@debian.org>
Date:   Sat Sep 18 13:22:10 2021 -0400

    debian/control.in: Bump minimum meson to 0.54.0 & glib to 2.66

commit c8558e83060a09a993223121c74ae282c73e1b7a
Author: Jeremy Bicha <jbicha@debian.org>
Date:   Sun Sep 19 14:38:27 2021 -0400

    Update debian/watch & debian/gbp.conf for team style

commit 272754607bdf30e48cae50a56d7671d2ea865ab0
Author: Jeremy Bicha <jbicha@debian.org>
Date:   Sat Sep 18 13:20:29 2021 -0400

    New upstream release

commit dead1f316330a6907db9af237d6e8af9c288fe0d
Merge: 47f02c0 94764eb
Author: Jeremy Bicha <jbicha@debian.org>
Date:   Sat Sep 18 13:20:29 2021 -0400

    Update upstream source from tag 'upstream/1.4.0'
    
    Update to upstream version '1.4.0'
    with Debian dir 33b729374bff06dd49409a060a8bc39afbd1bb44

commit 47f02c087106131934d697c9ae54a3c8bf68b34d
Author: Sebastien Bacher <seb128@ubuntu.com>
Date:   Tue Jun 8 16:20:09 2021 +0200

    upload to experimental

commit ed9f84c25430f40e3d0b8c289f1c896c350a9f61
Author: Sebastien Bacher <seb128@ubuntu.com>
Date:   Tue Jun 8 16:16:52 2021 +0200

    updated symbols for the new version

commit 7950c6c8993bf46e29f80e28fbae0bbeab557591
Author: Sebastien Bacher <seb128@ubuntu.com>
Date:   Tue Jun 8 16:16:22 2021 +0200

    updated build requirement

commit 43499ed6f8fd4a38c0a3ac72324237554dd3675d
Author: Sebastien Bacher <seb128@ubuntu.com>
Date:   Tue Jun 8 15:36:38 2021 +0200

    New upstream release

commit e94c4a3ac3ac1e004674dcf19374173277fedfe2
Merge: b4dc32b c919aef
Author: Sebastien Bacher <seb128@ubuntu.com>
Date:   Tue Jun 8 15:36:37 2021 +0200

    Update upstream source from tag 'upstream/1.2.7'
    
    Update to upstream version '1.2.7'
    with Debian dir ef5a76d214368ff7c5dbf4792bce14d901cc3c67

commit b4dc32bae599c70f6416b08fcfa13a5314573ab6
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Sep 18 05:34:52 2020 +0000

    Drop transition for old debug package migration.
    
    Changes-By: lintian-brush
    Fixes: lintian: debug-symbol-migration-possibly-complete
    See-also: https://lintian.debian.org/tags/debug-symbol-migration-possibly-complete.html

commit 73401a3e5cf3494b330b1035db95e0893550961a
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Sep 18 05:33:57 2020 +0000

    Refer to specific version of license GFDL-1.2+.
    
    Changes-By: lintian-brush
    Fixes: lintian: copyright-refers-to-symlink-license
    See-also: https://lintian.debian.org/tags/copyright-refers-to-symlink-license.html
    Fixes: lintian: copyright-refers-to-versionless-license-file
    See-also: https://lintian.debian.org/tags/copyright-refers-to-versionless-license-file.html

commit f5f44f1a1cdbda16a696d1d3707971717136178c
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Sep 18 05:33:06 2020 +0000

    Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, Repository-Browse.
    
    Changes-By: lintian-brush
    Fixes: lintian: upstream-metadata-file-is-missing
    See-also: https://lintian.debian.org/tags/upstream-metadata-file-is-missing.html
    Fixes: lintian: upstream-metadata-missing-bug-tracking
    See-also: https://lintian.debian.org/tags/upstream-metadata-missing-bug-tracking.html
    Fixes: lintian: upstream-metadata-missing-repository
    See-also: https://lintian.debian.org/tags/upstream-metadata-missing-repository.html

commit 7c227bb02af423ab245bb90b050f5555ac35149b
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Sep 18 05:29:30 2020 +0000

    Set debhelper-compat version in Build-Depends.
    
    Changes-By: lintian-brush
    Fixes: lintian: uses-debhelper-compat-file
    See-also: https://lintian.debian.org/tags/uses-debhelper-compat-file.html

commit d170ed922f079328cc1fc5590f57b3784fca987f
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Fri Sep 18 05:28:41 2020 +0000

    Bump debhelper from old 11 to 12.
    
    Changes-By: lintian-brush
    Fixes: lintian: package-uses-old-debhelper-compat-version
    See-also: https://lintian.debian.org/tags/package-uses-old-debhelper-compat-version.html

commit c3b7b104793d85b236c56771c0e804cf32f82593
Author: Sebastien Bacher <seb128@ubuntu.com>
Date:   Wed Sep 16 13:29:35 2020 +0200

    upload to unstable

commit 65e19f45ff48edb03cd70612f4f2940d78dceeb3
Author: Sebastien Bacher <seb128@ubuntu.com>
Date:   Wed Sep 16 13:29:02 2020 +0200

    New upstream release

commit 67f4f8c0b44a19aa0a4c342f2d4c375e16e0aabe
Merge: 6af76e3 adfff60
Author: Sebastien Bacher <seb128@ubuntu.com>
Date:   Wed Sep 16 13:29:01 2020 +0200

    Update upstream source from tag 'upstream/1.2.4'
    
    Update to upstream version '1.2.4'
    with Debian dir 64b3f98c78df739cc380108601833e6c25c570f4

commit 6af76e3f7f96f9af233820192aced4de2851d8a6
Author: Sebastien Bacher <seb128@ubuntu.com>
Date:   Thu Jun 25 17:18:03 2020 +0200

    upload to unstable

commit d68b2f4ec18ace1b931530409ec7ce113a22c567
Author: Sebastien Bacher <seb128@ubuntu.com>
Date:   Thu Jun 25 16:23:14 2020 +0200

    debian/control.in: required libgssdp 1.2.3

commit 6fafdb9d2a639b0a7ebf35503473d9b4a5df9f3f
Author: Sebastien Bacher <seb128@ubuntu.com>
Date:   Thu Jun 25 16:19:41 2020 +0200

    New upstream release

commit 8927a1ee0c52c01bbac9ac3082fe7e00033773c7
Merge: a059c42 e0ad9a8
Author: Sebastien Bacher <seb128@ubuntu.com>
Date:   Thu Jun 25 16:19:40 2020 +0200

    Update upstream source from tag 'upstream/1.2.3'
    
    Update to upstream version '1.2.3'
    with Debian dir 25e2665016512226c721a6e8e0773b236a9b1cb9

commit a059c42f7e3792b1c99370c0afcd7ce5a03f391e
Author: Laurent Bigonville <bigon@debian.org>
Date:   Tue Apr 14 20:06:55 2020 +0200

    debian/rules: Also ignore tests failures on hurd-i386

commit 2942f8f146ad6b826a09630772e8e7db60bf5bc1
Author: Laurent Bigonville <bigon@debian.org>
Date:   Tue Apr 14 18:52:53 2020 +0200

    Release to unstable

commit fb146deb6c723347e0f25c0b3104b8f22892a5e5
Author: Laurent Bigonville <bigon@debian.org>
Date:   Tue Apr 14 18:49:11 2020 +0200

    debian/control.in: Bump Standards-Version to 4.5.0 (no further changes)

commit 191196342d61ab865853a627b12c131a621d051d
Author: Laurent Bigonville <bigon@debian.org>
Date:   Tue Apr 14 18:46:00 2020 +0200

    debian/rules: Make the tests non-fatal on kfreebsd-* as multicast requires to explicitly setup a route
    
    This should fix the FTBFS on kfreebsd-*

commit 953c505febdbeed01ee5ce6a47bc28d2223899b8
Author: Laurent Bigonville <bigon@debian.org>
Date:   Tue Apr 14 13:19:06 2020 +0200

    Drop d/p/disable-multicast-tests.patch, reenable the "bugs" tests
    
    Network access on the loopback interface is allowed since debian policy
    4.2.0 and other tests are also doing network access.
    
    Gbp-Dch: Full

commit 3edbd468e55ffa29e5e372179071d61713f5f463
Author: Laurent Bigonville <bigon@debian.org>
Date:   Wed Jan 8 00:36:25 2020 +0100

    Release to unstable

commit b76643f070f6ccf83f6b562e83957b7cdac05962
Author: Laurent Bigonville <bigon@debian.org>
Date:   Wed Jan 8 00:31:16 2020 +0100

    debian/libgupnp-1.2-0.symbols: Add the newly exported symbols

commit d906832ea949602f232717c046e8d5897c629a53
Author: Laurent Bigonville <bigon@debian.org>
Date:   Wed Jan 8 00:27:49 2020 +0100

    debian/libgupnp-1.2-dev.install: Install the manpage for the gupnp-binding-tool executable

commit 1ab51e57d9f02a86879b651bfd4d3d8e209f127e
Author: Laurent Bigonville <bigon@debian.org>
Date:   Wed Jan 8 00:23:09 2020 +0100

    d/p/include-version-in-manpage.patch: Dropped, merged upstream

commit 5df7c290d430789a511f38ce5ecb1aef3511fa43
Author: Laurent Bigonville <bigon@debian.org>
Date:   Wed Jan 8 00:14:36 2020 +0100

    debian/libgupnp-1.2-0.symbols: Mark gupnp_linux_context_manager_get_type() symbol as arch=linux-any.

commit 40a3ac289d0ebdcb3487772e85d47bb3cade6f5e
Author: Laurent Bigonville <bigon@debian.org>
Date:   Wed Jan 8 00:08:57 2020 +0100

    New upstream release

commit 69b740e6e16506e4d378b03a96658523b09db0ce
Merge: b8b35f6 3abc364
Author: Laurent Bigonville <bigon@debian.org>
Date:   Wed Jan 8 00:08:57 2020 +0100

    Update upstream source from tag 'upstream/1.2.2'
    
    Update to upstream version '1.2.2'
    with Debian dir 0248829569240d6155d436460671b4fb862903b5

commit b8b35f6c26073150a902e5bcd9e334afe1f7f9cb
Author: Laurent Bigonville <bigon@debian.org>
Date:   Tue Dec 31 01:33:47 2019 +0100

    Upload to unstable

commit 1dde124137ff6c116f90a7377d7e0544bc87930f
Author: Laurent Bigonville <bigon@debian.org>
Date:   Tue Dec 31 01:30:15 2019 +0100

    debian/control.in: Mark the -doc package with Build-Profiles: <!nodoc>

commit f1bad98394d2ad3231afdc7bd9560c014fdb5647
Author: Laurent Bigonville <bigon@debian.org>
Date:   Mon Dec 30 01:38:48 2019 +0100

    debian/control.in: Bump Standards-Version to 4.4.1 (no further changes)

commit 2d634ad83be07762dd65f2d0aed3ec205f20c277
Author: Laurent Bigonville <bigon@debian.org>
Date:   Mon Dec 30 01:28:51 2019 +0100

    debian/control.in: Add the needed -doc packages to the build-dependencies so the links between the documentation files are properly resolved

commit f349301cb1a529b30bce478734c0da489f4ecd3e
Author: Sebastien Bacher <seb128@ubuntu.com>
Date:   Sun May 12 17:40:37 2019 +0200

    Upload to experimental

commit cc0d346b1917e156551535cbf8de71cd6c63596a
Author: Sebastien Bacher <seb128@ubuntu.com>
Date:   Sun May 12 17:37:26 2019 +0200

    New upstream release

commit 602598e6d719a0708cd8179f4316a29abe0ae04f
Merge: f68f089 eb358df
Author: Sebastien Bacher <seb128@ubuntu.com>
Date:   Sun May 12 17:37:25 2019 +0200

    Update upstream source from tag 'upstream/1.2.1'
    
    Update to upstream version '1.2.1'
    with Debian dir 2ff7844811657fba4f43591e1345f02d18b87693

commit f68f0890a4d0f69a7c20475e8daa8e235f62451d
Author: Jeremy Bicha <jbicha@debian.org>
Date:   Sun Mar 17 08:04:24 2019 -0400

    releasing package gupnp version 1.2.0-1

Created: 2021-09-19 Last update: 2021-09-19 23:35

lintian reports 3 warnings normal

Lintian reports 3 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-09-21 Last update: 2021-06-25 10:04

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

libgupnp-doc could be marked Multi-Arch: foreign

Created: 2018-12-05 Last update: 2021-09-20 12:08

1 low-priority security issue in buster low

There is 1 open security issue in buster.

1 issue left for the package maintainer to handle:

CVE-2021-33516: (needs triaging) An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.

You can find information about how to handle this issue in the security team's documentation.

Created: 2021-05-25 Last update: 2021-08-15 00:00

1 low-priority security issue in bullseye low

There is 1 open security issue in bullseye.

1 issue left for the package maintainer to handle:

CVE-2021-33516: (needs triaging) An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.

You can find information about how to handle this issue in the security team's documentation.

Created: 2021-08-14 Last update: 2021-08-15 00:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.0 instead of 4.5.0).

Created: 2020-09-26 Last update: 2021-08-18 14:03

news

[rss feed]

[2021-06-08] Accepted gupnp 1.2.7-1 (source) into experimental (Sebastien Bacher)
[2020-09-21] gupnp 1.2.4-1 MIGRATED to testing (Debian testing watch)
[2020-09-21] gupnp 1.2.4-1 MIGRATED to testing (Debian testing watch)
[2020-09-16] Accepted gupnp 1.2.4-1 (source) into unstable (Sebastien Bacher)
[2020-08-24] Accepted gupnp 1.0.5-0+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Emilio Pozuelo Monfort)
[2020-08-06] Accepted gupnp 1.0.1-1+deb9u1 (source) into oldstable (Emilio Pozuelo Monfort)
[2020-07-03] gupnp 1.2.3-1 MIGRATED to testing (Debian testing watch)
[2020-06-25] Accepted gupnp 1.2.3-1 (source) into unstable (Sebastien Bacher)
[2020-04-20] gupnp 1.2.2-2 MIGRATED to testing (Debian testing watch)
[2020-04-14] Accepted gupnp 1.2.2-2 (source) into unstable (Laurent Bigonville)
[2020-01-13] gupnp 1.2.2-1 MIGRATED to testing (Debian testing watch)
[2020-01-08] gupnp 1.2.1-2 MIGRATED to testing (Debian testing watch)
[2020-01-08] Accepted gupnp 1.2.2-1 (source) into unstable (Laurent Bigonville)
[2019-12-31] Accepted gupnp 1.2.1-2 (source) into unstable (Laurent Bigonville)
[2019-05-12] Accepted gupnp 1.2.1-1 (source) into experimental (Sebastien Bacher)
[2019-03-17] Accepted gupnp 1.2.0-1 (source) into experimental (Jeremy Bicha)
[2019-02-28] Accepted gupnp 1.1.2-1 (source amd64 all) into experimental, experimental (Jeremy Bicha)
[2018-12-31] gupnp 1.0.3-3 MIGRATED to testing (Debian testing watch)
[2018-12-26] Accepted gupnp 1.0.3-3 (source) into unstable (Jeremy Bicha)
[2018-12-10] gupnp 1.0.3-2 MIGRATED to testing (Debian testing watch)
[2018-12-04] Accepted gupnp 1.0.3-2 (source) into unstable (Sebastien Bacher)
[2018-09-20] gupnp 1.0.3-1 MIGRATED to testing (Debian testing watch)
[2018-09-15] Accepted gupnp 1.0.3-1 (source) into unstable (Jeremy Bicha)
[2017-12-05] gupnp 1.0.2-2 MIGRATED to testing (Debian testing watch)
[2017-11-29] Accepted gupnp 1.0.2-2 (source) into unstable (Jeremy Bicha)
[2017-11-17] Accepted gupnp 1.0.2-1 (source) into unstable (Jeremy Bicha)
[2016-10-29] gupnp 1.0.1-1 MIGRATED to testing (Debian testing watch)
[2016-10-23] Accepted gupnp 1.0.1-1 (source) into unstable (Andreas Henriksson)
[2016-09-28] gupnp 1.0.0-1 MIGRATED to testing (Debian testing watch)
[2016-09-22] Accepted gupnp 1.0.0-1 (source amd64 all) into unstable (Andreas Henriksson)

bugs [bug history graph]

all: 0

links

homepage
lintian (0, 3)
buildd: logs, exp, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.2.7-1