757297 – (CVE-2020-28926) <net-misc/minidlna-1.3.0: multiple vulnerabilities

Bug 757297 (CVE-2020-28926) - <net-misc/minidlna-1.3.0: multiple vulnerabilities

Summary: <net-misc/minidlna-1.3.0: multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	CVE-2020-28926

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://www.rootshellsecurity.net/rem...
Whiteboard:	B3 [noglsa]
Keywords:

Depends on:
Blocks:	CVE-2020-12695
	Show dependency tree

Reported:	2020-11-28 00:42 UTC by Michał Górny
Modified:	2022-03-03 23:28 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michał Górny archtester

2020-11-28 00:42:29 UTC

From release notes:

+- Disallow negative HTTP chunk lengths. [CVE-2020-28926]
+- Validate SUBSCRIBE callback URL. [CVE-2020-12695]

However, I'm not going to be able to test it properly tonight.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2020-11-28 13:34:30 UTC

x86 stable

Comment 2 Agostino Sarubbo gentoo-dev

2020-11-29 08:17:12 UTC

amd64 stable

Comment 3 Sam James archtester

2020-12-03 06:51:11 UTC

arm done

all arches done

Comment 4 Sam James archtester

2020-12-03 06:59:03 UTC

Please cleanup, thanks!

Comment 5 Larry the Git Cow gentoo-dev

2020-12-03 08:48:40 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=22914d46aa0c30f41cbcf2718882a9839f4bd9ff

commit 22914d46aa0c30f41cbcf2718882a9839f4bd9ff
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2020-12-03 08:39:49 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2020-12-03 08:48:37 +0000

    net-misc/minidlna: Remove old
    
    Bug: https://bugs.gentoo.org/757297
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 net-misc/minidlna/Manifest                         |   1 -
 .../minidlna/files/minidlna-1.2.1-fno-common.patch |  45 --------
 net-misc/minidlna/minidlna-1.2.1-r1.ebuild         | 114 ---------------------
 3 files changed, 160 deletions(-)

Comment 6 NATTkA bot gentoo-dev

2021-01-31 09:20:54 UTC Comment hidden (obsolete)

Unable to check for sanity:

> no match for package: net-misc/minidlna-1.3.0

Comment 7 NATTkA bot gentoo-dev

2021-04-01 20:12:11 UTC Comment hidden (obsolete)

Unable to check for sanity:

> no match for package: net-misc/minidlna-1.3.0

Comment 8 NATTkA bot gentoo-dev

2021-07-29 17:25:13 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 9 NATTkA bot gentoo-dev

2021-07-29 17:33:46 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 10 NATTkA bot gentoo-dev

2021-07-29 17:41:39 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 11 NATTkA bot gentoo-dev

2021-07-29 17:49:48 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 12 NATTkA bot gentoo-dev

2021-07-29 18:05:42 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 13 NATTkA bot gentoo-dev

2021-07-29 18:14:01 UTC

Package list is empty or all packages have requested keywords.

Comment 14 Amel Hodzic 2022-02-12 00:49:26 UTC

Is there an issue with the bot or are we still waiting for something before this bug can be closed?

Thank you

Comment 15 John Helmert III archtester

2022-03-03 23:23:01 UTC

*** Bug 736226 has been marked as a duplicate of this bug. ***

Comment 16 John Helmert III archtester

2022-03-03 23:28:51 UTC

Sorry, CVE-2021-27202 is unfixed. GLSA vote: no. Closing.