pupnp-1.8 - Debian Package Tracker

general

source: pupnp-1.8 (main)
version: 1:1.8.4-2
maintainer: James Cowgill (DMD)
arch: all any
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable: 1:1.8.4-2
testing: 1:1.8.4-2
unstable: 1:1.8.4-2

versioned links

1:1.8.4-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libixml10
libupnp-dev
libupnp-doc
libupnp13 (3 bugs: 1, 2, 0, 0)

action needed

Multiarch hinter reports 1 issue(s) high

There are issues with the multiarch metadata for this package.

libupnp-dev conflicts on /usr/include/upnp/upnpconfig.h on armel, armhf, i386, mipsel <-> amd64, arm64, mips64el, and 2 more

Created: 2018-11-06 Last update: 2021-04-18 00:33

A new upstream version is available: 1.14.5 high

A new upstream version 1.14.5 is available, you should consider packaging it.

Created: 2020-06-29 Last update: 2021-04-18 00:32

3 security issues in sid high

There are 3 open security issues in sid.

3 important issues:

CVE-2020-12695: The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
CVE-2020-13848: Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.
CVE-2021-28302: A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash.

Created: 2021-02-19 Last update: 2021-04-12 18:00

3 security issues in buster high

There are 3 open security issues in buster.

1 important issue:

CVE-2021-28302: A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash.

2 issues left for the package maintainer to handle:

CVE-2020-12695: (needs triaging) The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
CVE-2020-13848: (needs triaging) Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2021-04-12 18:00

3 security issues in bullseye high

There are 3 open security issues in bullseye.

3 important issues:

CVE-2020-12695: The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
CVE-2020-13848: Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.
CVE-2021-28302: A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash.

Created: 2021-02-19 Last update: 2021-04-12 18:00

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2020-10-19 Last update: 2021-04-18 06:02

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1:1.8.4-3, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 8a610cb462363c39472cff5b76eb24c395834920
Author: James Cowgill <jcowgill@debian.org>
Date:   Mon Nov 12 18:08:46 2018 +0000

    d/tests: Replace ADTTMP with AUTOPKGTEST_TMP

commit 7b9a8e6ea4e4fb67b3775585ad4b5c41351b6cfe
Author: James Cowgill <jcowgill@debian.org>
Date:   Mon Nov 12 22:48:38 2018 +0000

    d/control: Drop Multi-Arch: same from libupnp-dev
    
    The file "upnpconfig.h" differs between 32-bit and 64-bit architectures.

commit b18310196f659876ad7688f65e73def988a0b783
Author: James Cowgill <jcowgill@debian.org>
Date:   Mon Nov 12 17:51:54 2018 +0000

    d/changelog: New entry

Created: 2018-11-15 Last update: 2021-04-17 04:38

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.1 instead of 4.2.1).

Created: 2018-12-23 Last update: 2020-11-17 05:41

news

[rss feed]

[2018-11-08] pupnp-1.8 1:1.8.4-2 MIGRATED to testing (Debian testing watch)
[2018-11-05] Accepted pupnp-1.8 1:1.8.4-2 (source) into unstable (James Cowgill)
[2018-10-27] Accepted pupnp-1.8 1:1.8.4-1 (source) into experimental (James Cowgill)
[2017-12-27] Accepted pupnp-1.8 1:1.8.3-3 (source amd64 all) into experimental, experimental (James Cowgill)
[2017-12-23] Accepted pupnp-1.8 1:1.8.3-2 (source) into experimental (James Cowgill)
[2017-11-21] Accepted pupnp-1.8 1:1.8.3-1 (source) into experimental (James Cowgill)
[2017-09-29] pupnp-1.8 1:1.8.2-3 MIGRATED to testing (Debian testing watch)
[2017-09-23] Accepted pupnp-1.8 1:1.8.2-3 (source) into unstable (James Cowgill)
[2017-09-04] pupnp-1.8 1:1.8.2-2 MIGRATED to testing (Debian testing watch)
[2017-08-29] Accepted pupnp-1.8 1:1.8.2-2 (source) into unstable (James Cowgill)
[2017-08-28] Accepted pupnp-1.8 1:1.8.2-1 (source amd64 all) into unstable, unstable (James Cowgill)
[2017-06-20] pupnp-1.8 1:1.8.1-1 MIGRATED to testing (Debian testing watch)
[2017-05-26] Accepted pupnp-1.8 1:1.8.1-1 (source) into unstable (James Cowgill)
[2017-04-10] Accepted pupnp-1.8 1:1.8.0-3 (source) into unstable (James Cowgill)
[2017-04-05] Accepted pupnp-1.8 1:1.8.0-2 (source) into unstable (James Cowgill)
[2017-04-04] Accepted pupnp-1.8 1:1.8.0-1 (source amd64 all) into unstable, unstable (James Cowgill)

bugs [bug history graph]

all: 5 6
RC: 1
I&N: 4 5
M&W: 0
F&P: 0
patch: 1

links

homepage
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:1.8.4-2ubuntu2
patches for 1:1.8.4-2ubuntu2