gupnp - Debian Package Tracker

general

source: gupnp (main)
version: 1.4.3-1
maintainer: Debian GNOME Maintainers (archive) (DMD)
uploaders: Jeremy Bicha [DMD] – Laurent Bigonville [DMD]
arch: all any
std-ver: 4.6.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.0.1-1
o-o-sec: 1.0.1-1+deb9u1
oldstable: 1.0.5-0+deb10u1
stable: 1.2.4-1
testing: 1.4.3-1
unstable: 1.4.3-1

versioned links

1.0.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.1-1+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.5-0+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gir1.2-gupnp-1.2
libgupnp-1.2-1 (1 bugs: 0, 0, 1, 0)
libgupnp-1.2-dev
libgupnp-doc

action needed

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2021-33516: An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.

Created: 2021-05-25 Last update: 2022-02-06 05:35

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2021-33516: An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.

Created: 2021-08-15 Last update: 2022-02-06 05:35

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 71c3ae90e227043e6ce5c03f7a98e70fd5307a89
Author: Jeremy Bicha <jeremy.bicha@canonical.com>
Date:   Wed Apr 27 12:59:59 2022 -0400

    Update debian/watch
    
    Gbp-Dch: Ignore

Created: 2022-04-27 Last update: 2022-05-17 08:42

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

libgupnp-doc could be marked Multi-Arch: foreign

Created: 2018-12-05 Last update: 2022-05-20 19:39

1 low-priority security issue in buster low

There is 1 open security issue in buster.

1 issue left for the package maintainer to handle:

CVE-2021-33516: (needs triaging) An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.

You can find information about how to handle this issue in the security team's documentation.

Created: 2021-05-25 Last update: 2022-02-06 05:35

1 low-priority security issue in bullseye low

There is 1 open security issue in bullseye.

1 issue left for the package maintainer to handle:

CVE-2021-33516: (needs triaging) An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.

You can find information about how to handle this issue in the security team's documentation.

Created: 2021-08-14 Last update: 2022-02-06 05:35

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.6.0).

Created: 2022-05-11 Last update: 2022-05-11 23:25

news

[rss feed]

[2022-02-06] gupnp 1.4.3-1 MIGRATED to testing (Debian testing watch)
[2022-01-31] Accepted gupnp 1.4.3-1 (source) into unstable (Andreas Henriksson)
[2021-12-12] gupnp 1.4.1-1 MIGRATED to testing (Debian testing watch)
[2021-12-07] Accepted gupnp 1.4.1-1 (source) into unstable (Jeremy Bicha)
[2021-10-08] gupnp 1.4.0-2 MIGRATED to testing (Debian testing watch)
[2021-10-03] Accepted gupnp 1.4.0-2 (source) into unstable (Jeremy Bicha)
[2021-09-29] Accepted gupnp 1.4.0-1 (source amd64 all) into experimental, experimental (Debian FTP Masters) (signed by: Jeremy Bicha)
[2021-06-08] Accepted gupnp 1.2.7-1 (source) into experimental (Sebastien Bacher)
[2020-09-21] gupnp 1.2.4-1 MIGRATED to testing (Debian testing watch)
[2020-09-21] gupnp 1.2.4-1 MIGRATED to testing (Debian testing watch)
[2020-09-16] Accepted gupnp 1.2.4-1 (source) into unstable (Sebastien Bacher)
[2020-08-24] Accepted gupnp 1.0.5-0+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Emilio Pozuelo Monfort)
[2020-08-06] Accepted gupnp 1.0.1-1+deb9u1 (source) into oldstable (Emilio Pozuelo Monfort)
[2020-07-03] gupnp 1.2.3-1 MIGRATED to testing (Debian testing watch)
[2020-06-25] Accepted gupnp 1.2.3-1 (source) into unstable (Sebastien Bacher)
[2020-04-20] gupnp 1.2.2-2 MIGRATED to testing (Debian testing watch)
[2020-04-14] Accepted gupnp 1.2.2-2 (source) into unstable (Laurent Bigonville)
[2020-01-13] gupnp 1.2.2-1 MIGRATED to testing (Debian testing watch)
[2020-01-08] gupnp 1.2.1-2 MIGRATED to testing (Debian testing watch)
[2020-01-08] Accepted gupnp 1.2.2-1 (source) into unstable (Laurent Bigonville)
[2019-12-31] Accepted gupnp 1.2.1-2 (source) into unstable (Laurent Bigonville)
[2019-05-12] Accepted gupnp 1.2.1-1 (source) into experimental (Sebastien Bacher)
[2019-03-17] Accepted gupnp 1.2.0-1 (source) into experimental (Jeremy Bicha)
[2019-02-28] Accepted gupnp 1.1.2-1 (source amd64 all) into experimental, experimental (Jeremy Bicha)
[2018-12-31] gupnp 1.0.3-3 MIGRATED to testing (Debian testing watch)
[2018-12-26] Accepted gupnp 1.0.3-3 (source) into unstable (Jeremy Bicha)
[2018-12-10] gupnp 1.0.3-2 MIGRATED to testing (Debian testing watch)
[2018-12-04] Accepted gupnp 1.0.3-2 (source) into unstable (Sebastien Bacher)
[2018-09-20] gupnp 1.0.3-1 MIGRATED to testing (Debian testing watch)
[2018-09-15] Accepted gupnp 1.0.3-1 (source) into unstable (Jeremy Bicha)

bugs [bug history graph]

all: 1
RC: 0
I&N: 0
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.4.3-1