Univention Bugzilla – Bug 42030
libupnp: remote write to local filesystem via vlc (4.1)
Last modified: 2016-10-20 12:40:27 CEST
Upstream Debian package version 1:1.6.17-1.2+deb7u1 fixes this issue: * write files via POST (CVE-2016-6255) Affects server applications. In UCS libupnp is only used by vlc.
Imported and built in errata4.1-3, no UCS patches. Package update worked (amd64). Advisory: libupnp.yaml
FIXED: libupnp.yaml → r73344 OK: errata-announce -V --only libupnp.yaml OK: univention-install -qq libupnp6 libupnp6-dev OK: zless /usr/share/doc/libupnp6/changelog.Debian.gz
<http://errata.software-univention.de/ucs/4.1/300.html>