Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 757297 - <net-misc/minidlna-1.3.0: multiple vulnerabilities
Summary: <net-misc/minidlna-1.3.0: multiple vulnerabilities
Status: CONFIRMED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://www.rootshellsecurity.net/rem...
Whiteboard: B3 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-11-28 00:42 UTC by Michał Górny
Modified: 2021-07-29 18:14 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2020-11-28 00:42:29 UTC
From release notes:

+- Disallow negative HTTP chunk lengths. [CVE-2020-28926]
+- Validate SUBSCRIBE callback URL. [CVE-2020-12695]

However, I'm not going to be able to test it properly tonight.
Comment 1 Thomas Deutschmann gentoo-dev Security 2020-11-28 13:34:30 UTC
x86 stable
Comment 2 Agostino Sarubbo gentoo-dev 2020-11-29 08:17:12 UTC
amd64 stable
Comment 3 Sam James archtester gentoo-dev Security 2020-12-03 06:51:11 UTC
arm done

all arches done
Comment 4 Sam James archtester gentoo-dev Security 2020-12-03 06:59:03 UTC
Please cleanup, thanks!
Comment 5 Larry the Git Cow gentoo-dev 2020-12-03 08:48:40 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=22914d46aa0c30f41cbcf2718882a9839f4bd9ff

commit 22914d46aa0c30f41cbcf2718882a9839f4bd9ff
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2020-12-03 08:39:49 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2020-12-03 08:48:37 +0000

    net-misc/minidlna: Remove old
    
    Bug: https://bugs.gentoo.org/757297
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 net-misc/minidlna/Manifest                         |   1 -
 .../minidlna/files/minidlna-1.2.1-fno-common.patch |  45 --------
 net-misc/minidlna/minidlna-1.2.1-r1.ebuild         | 114 ---------------------
 3 files changed, 160 deletions(-)
Comment 6 NATTkA bot gentoo-dev 2021-01-31 09:20:54 UTC Comment hidden (obsolete)
Comment 7 NATTkA bot gentoo-dev 2021-04-01 20:12:11 UTC Comment hidden (obsolete)
Comment 8 NATTkA bot gentoo-dev 2021-07-29 17:25:13 UTC Comment hidden (obsolete)
Comment 9 NATTkA bot gentoo-dev 2021-07-29 17:33:46 UTC Comment hidden (obsolete)
Comment 10 NATTkA bot gentoo-dev 2021-07-29 17:41:39 UTC Comment hidden (obsolete)
Comment 11 NATTkA bot gentoo-dev 2021-07-29 17:49:48 UTC Comment hidden (obsolete)
Comment 12 NATTkA bot gentoo-dev 2021-07-29 18:05:42 UTC Comment hidden (obsolete)
Comment 13 NATTkA bot gentoo-dev 2021-07-29 18:14:01 UTC
Package list is empty or all packages have requested keywords.