Univention Bugzilla – Bug 52907
libupnp: Multiple issues (4.4)
Last modified: 2021-03-17 14:00:13 CET
New Debian libupnp 1:1.6.19+git20160116-1.2+deb9u1 fixes:

This update addresses the following issue:
* Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c. (CVE-2020-13848)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/libupnp_1.6.19+git20160116-1.2.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/libupnp_1.6.19+git20160116-1.2+deb9u1.dsc @@ -1,3 +1,11 @@ +1:1.6.19+git20160116-1.2+deb9u1 [Mon, 08 Mar 2021 02:16:50 +0530] Utkarsh Gupta <utkarsh@debian.org>: + + * Non-maintainer upload by the Debian LTS team. + * Fix CVE-2020-13848: denial of service (crash) via a crafted SSDP message + due to a NULL pointer dereference (Closes: #962282) + - Thanks to Abhijith's work for jessie - this patch was directly + picked up from there. + 1:1.6.19+git20160116-1.2 [Fri, 09 Dec 2016 10:40:28 +0100] Uwe Kleine-König <ukleinek@debian.org>: * Non-maintainer upload. <http://piuparts.knut.univention.de/4.4-7/#8113780116985738006>
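Review bot: The added changelog entry for 1:1.6.19+git20160116-1.2+deb9u1 says the CVE-2020-13848 fix was "directly picked up" from the jessie work, but it names neither the patch file nor the code it touches. Suggest naming the patch and listing the two affected functions, FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c, so the entry can be checked against the advisory text. This diff shows only the changelog, so the NULL-pointer check itself cannot be reviewed from these lines; the source change should be attached or linked before sign-off.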
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
<https://errata.software-univention.de/#/?erratum=4.4x914>