Bug 757297 (CVE-2020-28926) - <net-misc/minidlna-1.3.0: multiple vulnerabilities
Summary: <net-misc/minidlna-1.3.0: multiple vulnerabilities
Alias: CVE-2020-28926
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [noglsa]
Depends on:
Blocks: CVE-2020-12695
Reported: 2020-11-28 00:42 UTC by Michał Górny
Modified: 2022-03-03 23:28 UTC
Runtime testing required: ---
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2020-11-28 00:42:29 UTC
From release notes:

+- Disallow negative HTTP chunk lengths. [CVE-2020-28926]
+- Validate SUBSCRIBE callback URL. [CVE-2020-12695]

However, I'm not going to be able to test it properly tonight.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2020-11-28 13:34:30 UTC
x86 stable
Comment 2 Agostino Sarubbo gentoo-dev 2020-11-29 08:17:12 UTC
amd64 stable
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-12-03 06:51:11 UTC
arm done

all arches done
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-12-03 06:59:03 UTC
Please cleanup, thanks!
Comment 5 Larry the Git Cow gentoo-dev 2020-12-03 08:48:40 UTC
The bug has been referenced in the following commit(s):

commit 22914d46aa0c30f41cbcf2718882a9839f4bd9ff
Author:     Michał Górny <>
AuthorDate: 2020-12-03 08:39:49 +0000
Commit:     Michał Górny <>
CommitDate: 2020-12-03 08:48:37 +0000

    net-misc/minidlna: Remove old
    Signed-off-by: Michał Górny <>

 net-misc/minidlna/Manifest                         |   1 -
 .../minidlna/files/minidlna-1.2.1-fno-common.patch |  45 --------
 net-misc/minidlna/minidlna-1.2.1-r1.ebuild         | 114 ---------------------
 3 files changed, 160 deletions(-)
Comment 13 NATTkA bot gentoo-dev 2021-07-29 18:14:01 UTC
Package list is empty or all packages have requested keywords.
Comment 14 Amel Hodzic 2022-02-12 00:49:26 UTC
Is there an issue with the bot or are we still waiting for something before this bug can be closed?

Thank you
Comment 15 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-03 23:23:01 UTC
*** Bug 736226 has been marked as a duplicate of this bug. ***
Comment 16 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-03 23:28:51 UTC
Sorry, CVE-2021-27202 is unfixed. GLSA vote: no. Closing.