Bug 512666 (CVE-2014-3985)

Comment 1 GLSAMaker/CVETool Bot 2015-01-04 19:58:00 UTC

CVE-2014-3985 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3985):
  The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote
  attackers to cause a denial of service (crash) via crafted headers that
  trigger an out-of-bounds read.

Comment 2 Maxim Koltsov (RETIRED) 2015-04-28 17:51:07 UTC

Should be fixed in miniupnpc-1.9.20150424 added to tree now. Please check and mark this bug as resolved.

Comment 3 Aaron Bauman (RETIRED) 2016-03-19 07:14:25 UTC

Cannot confirm this was backported to 1.8 which is stable in the tree.

https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9

@maintainer, can you confirm this is backported?  If not, you can call for the stabilization of patched version and we can proceed to cleanup of the old vulnerable.  Thanks.

Comment 4 Thomas Deutschmann (RETIRED) 2016-11-21 19:20:50 UTC

Vulnerability is fixed in every 1.9er release in tree.


@ Arches,

please test and mark stable: =net-libs/miniupnpc-1.9.20151008

Comment 5 Agostino Sarubbo 2016-11-22 11:31:39 UTC

amd64 stable

Comment 6 Agostino Sarubbo 2016-11-22 11:32:57 UTC

x86 stable

Comment 7 Markus Meier 2016-11-29 17:30:50 UTC

arm stable

Comment 8 Jeroen Roovers (RETIRED) 2017-01-07 11:22:25 UTC

Stable for HPPA PPC64.

Comment 9 Agostino Sarubbo 2017-01-11 10:36:52 UTC

sparc stable

Comment 10 Agostino Sarubbo 2017-01-15 15:50:43 UTC

ppc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

Comment 11 Thomas Deutschmann (RETIRED) 2017-01-15 18:50:49 UTC

New GLSA request filed.

Comment 12 GLSAMaker/CVETool Bot 2017-01-17 09:20:01 UTC

This issue was resolved and addressed in
 GLSA 201701-41 at https://security.gentoo.org/glsa/201701-41
by GLSA coordinator Aaron Bauman (b-man).