The server part of npupnp, a library used to implement UPnP clients and servers, is vulnerable to DNS rebinding attacks.

Impact: A remote web server can exploit this vulnerability to trick the user's browser into triggering actions on the local UPnP services implemented using this library.

@ maintainer(s): Please bump to >=net-libs/libnpupnp-4.1.4!
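
Added example, not from the bug report and not npupnp code: a common server-side mitigation for DNS rebinding is to refuse HTTP requests whose Host header is not an IP literal, because a rebound request still carries the attacker's domain name in Host. The function name and the sample values are hypothetical, and the report does not say how 4.1.4 addresses the issue.

```cpp
#include <arpa/inet.h>
#include <netinet/in.h>
#include <cctype>
#include <iostream>
#include <string>

// Hypothetical helper (not npupnp code): true if a Host header value,
// already trimmed of whitespace, is "a.b.c.d[:port]" or "[v6][:port]".
bool host_header_is_ip_literal(const std::string& value) {
    std::string host, port;
    bool has_port = false, is_v6 = false;
    if (!value.empty() && value[0] == '[') {           // bracketed IPv6
        std::string::size_type close = value.find(']');
        if (close == std::string::npos) return false;
        host = value.substr(1, close - 1);
        is_v6 = true;
        std::string rest = value.substr(close + 1);
        if (!rest.empty()) {
            if (rest[0] != ':') return false;
            port = rest.substr(1);
            has_port = true;
        }
    } else {                                            // IPv4 or a DNS name
        std::string::size_type colon = value.find(':');
        host = value.substr(0, colon);
        if (colon != std::string::npos) {
            port = value.substr(colon + 1);
            has_port = true;
        }
    }
    if (has_port) {                                     // 1-5 digits, <= 65535
        if (port.empty() || port.size() > 5) return false;
        for (unsigned char c : port)
            if (!std::isdigit(c)) return false;
        if (std::stoi(port) > 65535) return false;
    }
    // inet_pton accepts only strict numeric literals, so any DNS name
    // (including one rebound to a local address) is rejected here.
    unsigned char buf[sizeof(struct in6_addr)];
    return inet_pton(is_v6 ? AF_INET6 : AF_INET, host.c_str(), buf) == 1;
}

int main() {
    // Constructed sample Host values; the last is what a rebound request carries.
    const char* samples[] = {"192.168.1.20:49152", "[fe80::1]:49152",
                             "rebind.attacker.example:49152"};
    for (const char* s : samples)
        std::cout << s << " -> "
                  << (host_header_is_ip_literal(s) ? "accept" : "reject") << "\n";
    return 0;
}
```

A server would call this before dispatching any request and answer a failed check with an error status instead of running the UPnP action.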
Package list is empty or all packages have requested keywords.
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f7d0dd3b17b0588881711f671bcfee23334a01a0

commit f7d0dd3b17b0588881711f671bcfee23334a01a0
Author: Erik Mackdanz <stasibear@gentoo.org>
AuthorDate: 2021-08-03 20:51:55 +0000
Commit: Erik Mackdanz <stasibear@gentoo.org>
CommitDate: 2021-08-03 20:51:55 +0000

    net-libs/libnpupnp: bump to 4.1.4

    Closes: https://bugs.gentoo.org/784593
    Signed-off-by: Erik Mackdanz <stasibear@gentoo.org>
    Package-Manager: Portage-3.0.20, Repoman-3.0.3

 net-libs/libnpupnp/Manifest | 1 +
 net-libs/libnpupnp/libnpupnp-4.1.4.ebuild | 37 +++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+)
Reopening, we need to stable and so on - please CC arches when ready, thanks!
Unable to check for sanity:
> no match for package: net-libs/libnpupnp-1.4.4
All sanity-check issues have been resolved
ping, ready to stable?
I can stabilize it. I usually wait 30 days per the handbook but given there's a GLSA and the package is otherwise low-risk I don't mind shortening that.
(In reply to Erik Mackdanz from comment #12)
> I can stabilize it. I usually wait 30 days per the handbook but given
> there's a GLSA and the package is otherwise low-risk I don't mind shortening
> that.

We don't worry about waiting the full period if it's a low-risk change and such when there's a security bug. Just add CC-ARCHES to the KEYWORDS on the bug when it's ready and it'll roll. Thanks!
4.1.4 is stable, no need for further stabilization
No problem. I can't tell if the Security team is waiting for me to do something. I don't think so, so I'll wander away and let Security close this when you're ready.