Debian Package Tracker
Register | Log in
Subscribe

pupnp-1.8

Choose email to subscribe with

general
  • source: pupnp-1.8 (main)
  • version: 1:1.8.4-2
  • maintainer: James Cowgill (DMD)
  • arch: all any
  • std-ver: 4.2.1
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • stable: 1:1.8.4-2
  • testing: 1:1.8.4-2
  • unstable: 1:1.8.4-2
versioned links
  • 1:1.8.4-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libixml10
  • libupnp-dev
  • libupnp-doc
  • libupnp13 (3 bugs: 1, 2, 0, 0)
action needed
Multiarch hinter reports 1 issue(s) high
There are issues with the multiarch metadata for this package.
  • libupnp-dev conflicts on /usr/include/upnp/upnpconfig.h on armel, armhf, i386, mipsel <-> amd64, arm64, mips64el, and 2 more
Created: 2018-11-06 Last update: 2021-04-18 00:33
A new upstream version is available: 1.14.5 high
A new upstream version 1.14.5 is available, you should consider packaging it.
Created: 2020-06-29 Last update: 2021-04-18 00:32
3 security issues in sid high

There are 3 open security issues in sid.

3 important issues:
  • CVE-2020-12695: The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
  • CVE-2020-13848: Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.
  • CVE-2021-28302: A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash.
Created: 2021-02-19 Last update: 2021-04-12 18:00
3 security issues in buster high

There are 3 open security issues in buster.

1 important issue:
  • CVE-2021-28302: A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash.
2 issues left for the package maintainer to handle:
  • CVE-2020-12695: (needs triaging) The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
  • CVE-2020-13848: (needs triaging) Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2021-04-12 18:00
3 security issues in bullseye high

There are 3 open security issues in bullseye.

3 important issues:
  • CVE-2020-12695: The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
  • CVE-2020-13848: Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.
  • CVE-2021-28302: A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash.
Created: 2021-02-19 Last update: 2021-04-12 18:00
1 bug tagged patch in the BTS normal
The BTS contains patches fixing 1 bug, consider including or untagging them.
Created: 2020-10-19 Last update: 2021-04-18 06:02
version in VCS is newer than in repository, is it time to upload? normal
vcswatch reports that this package seems to have a new changelog entry (version 1:1.8.4-3, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:
commit 8a610cb462363c39472cff5b76eb24c395834920
Author: James Cowgill <jcowgill@debian.org>
Date:   Mon Nov 12 18:08:46 2018 +0000

    d/tests: Replace ADTTMP with AUTOPKGTEST_TMP

commit 7b9a8e6ea4e4fb67b3775585ad4b5c41351b6cfe
Author: James Cowgill <jcowgill@debian.org>
Date:   Mon Nov 12 22:48:38 2018 +0000

    d/control: Drop Multi-Arch: same from libupnp-dev
    
    The file "upnpconfig.h" differs between 32-bit and 64-bit architectures.

commit b18310196f659876ad7688f65e73def988a0b783
Author: James Cowgill <jcowgill@debian.org>
Date:   Mon Nov 12 17:51:54 2018 +0000

    d/changelog: New entry
Created: 2018-11-15 Last update: 2021-04-17 04:38
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.1 instead of 4.2.1).
Created: 2018-12-23 Last update: 2020-11-17 05:41
news
[rss feed]
  • [2018-11-08] pupnp-1.8 1:1.8.4-2 MIGRATED to testing (Debian testing watch)
  • [2018-11-05] Accepted pupnp-1.8 1:1.8.4-2 (source) into unstable (James Cowgill)
  • [2018-10-27] Accepted pupnp-1.8 1:1.8.4-1 (source) into experimental (James Cowgill)
  • [2017-12-27] Accepted pupnp-1.8 1:1.8.3-3 (source amd64 all) into experimental, experimental (James Cowgill)
  • [2017-12-23] Accepted pupnp-1.8 1:1.8.3-2 (source) into experimental (James Cowgill)
  • [2017-11-21] Accepted pupnp-1.8 1:1.8.3-1 (source) into experimental (James Cowgill)
  • [2017-09-29] pupnp-1.8 1:1.8.2-3 MIGRATED to testing (Debian testing watch)
  • [2017-09-23] Accepted pupnp-1.8 1:1.8.2-3 (source) into unstable (James Cowgill)
  • [2017-09-04] pupnp-1.8 1:1.8.2-2 MIGRATED to testing (Debian testing watch)
  • [2017-08-29] Accepted pupnp-1.8 1:1.8.2-2 (source) into unstable (James Cowgill)
  • [2017-08-28] Accepted pupnp-1.8 1:1.8.2-1 (source amd64 all) into unstable, unstable (James Cowgill)
  • [2017-06-20] pupnp-1.8 1:1.8.1-1 MIGRATED to testing (Debian testing watch)
  • [2017-05-26] Accepted pupnp-1.8 1:1.8.1-1 (source) into unstable (James Cowgill)
  • [2017-04-10] Accepted pupnp-1.8 1:1.8.0-3 (source) into unstable (James Cowgill)
  • [2017-04-05] Accepted pupnp-1.8 1:1.8.0-2 (source) into unstable (James Cowgill)
  • [2017-04-04] Accepted pupnp-1.8 1:1.8.0-1 (source amd64 all) into unstable, unstable (James Cowgill)
bugs [bug history graph]
  • all: 5 6
  • RC: 1
  • I&N: 4 5
  • M&W: 0
  • F&P: 0
  • patch: 1
links
  • homepage
  • buildd: logs, clang, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 1:1.8.4-2ubuntu2
  • patches for 1:1.8.4-2ubuntu2

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing