Description: "An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc."
https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536 https://gitlab.gnome.org/GNOME/gupnp/-/issues/24
Please bump to >=1.2.5.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9e3cc58515aa791fac22f1c725689b257606e751 commit 9e3cc58515aa791fac22f1c725689b257606e751 Author: Matt Turner <mattst88@gentoo.org> AuthorDate: 2021-05-25 18:41:47 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2021-05-25 18:51:49 +0000 net-libs/gupnp: Version bump to 1.2.6 Bug: https://bugs.gentoo.org/792063 Signed-off-by: Matt Turner <mattst88@gentoo.org> net-libs/gupnp/Manifest | 1 + net-libs/gupnp/gupnp-1.2.6.ebuild | 84 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 85 insertions(+)
Thanks! Please proceed with stabilization when ready
Unable to check for sanity: > dependent bug #792327 has errors
Unable to check for sanity: > dependent bug #792327 is missing keywords
Unable to check for sanity: > dependent bug #787818 has errors
All sanity-check issues have been resolved
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=65473d0a664a8a4b72482e9503f200b2a10dffee commit 65473d0a664a8a4b72482e9503f200b2a10dffee Author: Matt Turner <mattst88@gentoo.org> AuthorDate: 2021-05-30 23:53:01 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2021-05-31 01:58:18 +0000 net-libs/gupnp: Drop old versions Bug: https://bugs.gentoo.org/792063 Signed-off-by: Matt Turner <mattst88@gentoo.org> net-libs/gupnp/Manifest | 1 - net-libs/gupnp/gupnp-1.2.4.ebuild | 84 --------------------------------------- 2 files changed, 85 deletions(-)
Unable to check for sanity: > no match for package: net-libs/gupnp-1.2.6