From ${URL} :
Besides that, I found a few memory corruption vulnerabilities in the code.
Fixes:
https://github.com/miniupnp/miniupnp/commit/d00b75782e7d73e78d0b935cee6f4873bc48c9e8
https://github.com/miniupnp/miniupnp/commit/7c91c4e933e96b913b72685d093126d282b87db6
Some memory corruption fix:
https://github.com/miniupnp/miniupnp/commit/e6bc04aa06341fa4df3ccae87a167e9adf816911
A buffer overrun in ParseHttpHeaders() fix:
https://github.com/miniupnp/miniupnp/commit/dd39ecaa935a9c23176416b38a3b80d577f21048
Added check if BuildHeader_upnphttp() failed to allocate memory:
https://github.com/miniupnp/miniupnp/commit/ec94c5663fe80dd6ceea895c73e2be66b1ef6bf4
@maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
I have bumped it to 1.10_pre20141209 - thanks :)
Maintainer(s), Thank you for your work. No GLSA needed as there are no stable versions. Leaving Open for CVE assignment (Already requested in URL)
Will add CVE later, tracking externally.