| Summary: | <net-misc/miniupnpd-1.10_pre20141209: multiple vulnerabilities | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | trivial | CC: | gurligebis |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.openwall.com/lists/oss-security/2014/12/09/26 | ||
| Whiteboard: | ~2 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
I have bumped it to 1.10_pre20141209 - thanks :) Maintainer(s), Thank you for your work. No GLSA needed as there are no stable versions. Leaving Open for CVE assignment (Already requested in URL) Will add CVE later, tracking externally. |
From ${URL} : Besides that, I found a few memory corruption vulnerabilities in the code. Fixes: https://github.com/miniupnp/miniupnp/commit/d00b75782e7d73e78d0b935cee6f4873bc48c9e8 https://github.com/miniupnp/miniupnp/commit/7c91c4e933e96b913b72685d093126d282b87db6 Some memory corruption fix: https://github.com/miniupnp/miniupnp/commit/e6bc04aa06341fa4df3ccae87a167e9adf816911 A buffer overrun in ParseHttpHeaders() fix: https://github.com/miniupnp/miniupnp/commit/dd39ecaa935a9c23176416b38a3b80d577f21048 Added check if BuildHeader_upnphttp() failed to allocate memory: https://github.com/miniupnp/miniupnp/commit/ec94c5663fe80dd6ceea895c73e2be66b1ef6bf4 @maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.