Accepted miniupnpd 1.8.20130730-1 (source amd64)

To: debian-devel-changes@lists.debian.org
Subject: Accepted miniupnpd 1.8.20130730-1 (source amd64)
From: Thomas Goirand <zigo@debian.org>
Date: Thu, 15 Aug 2013 15:22:17 +0000
Message-id: <[🔎] E1V9zNR-000320-Pa@franck.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 23 Jul 2013 11:16:15 +0800
Source: miniupnpd
Binary: miniupnpd
Architecture: source amd64
Version: 1.8.20130730-1
Distribution: unstable
Urgency: low
Maintainer: Thomas Goirand <zigo@debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description: 
 miniupnpd  - daemon providing UPnP Internet Gateway Device (IGD) services
Closes: 686287 686537 716936
Changes: 
 miniupnpd (1.8.20130730-1) unstable; urgency=low
 .
   * Uploading to unstable.
   * New upstream release fixing CVE-2013-2600: MiniUPnPd versions 1.8 and
     earlier are prone to an information disclosure vulnerability due to
     improper use of snprintf() while preparing SSDP responses. An attacker can
     exploit this vulnerability by sending a crafted request with a long ST
     header. If the header is long enough, the SSDP response buffer will be
     truncated by snprintf() and the subsequent sendto() call will read off the
     end of the buffer thereby disclosing the contents of adjacent memory. This
     response can reveal details of internal network topology as well as other
     activity on the target network. Fix at:
     .
     https://github.com/miniupnp/miniupnp/commit/18887cb1e49295e69c308d8bb1f2526798a77429
     .
     Correctly handle truncated snprintf() in SSDP code (Closes: #716936,
     #686537).
   * Now packaging using pristine-tar git-import-orig.
   * Added new IPv6 rules in the init script, and its configuration through
     debconf (Closes: #686287).
   * Fixed the clean process.
   * Removes now obsolete patches.
   * Build-Depends on libnfnetlink-dev.
   * Standards-Version: 3.9.4.
   * Canonical URLs for VCS feilds.
Checksums-Sha1: 
 ad27cb1d02837cf2697a4c71fc10bfd2a1233ff5 1292 miniupnpd_1.8.20130730-1.dsc
 32eed969a6c653d6d5ccd236ee50275c933d020e 149904 miniupnpd_1.8.20130730.orig.tar.gz
 8a8e717ebfa7d17ec725ed5966b458361ce6cf32 8872 miniupnpd_1.8.20130730-1.debian.tar.xz
 ce9841a2b27d6a2858f18bd4fc38ec1466261cd5 67800 miniupnpd_1.8.20130730-1_amd64.deb
Checksums-Sha256: 
 65f02c3cc4053800cd27fac1c8419df092511044bd86da293091c41f62e12011 1292 miniupnpd_1.8.20130730-1.dsc
 919ab6ec719959fff9bdae3f1d83f6a39c43fa4a6d3f2c48077f43729d3d7d43 149904 miniupnpd_1.8.20130730.orig.tar.gz
 f3927fa607bc14c4e96be777000449d58ed219f63a7d614d283d95dc8bfa77eb 8872 miniupnpd_1.8.20130730-1.debian.tar.xz
 dfbc044c32952f62cdc33a0651136a47b2b1671fced3106d26ca46683fd4cc85 67800 miniupnpd_1.8.20130730-1_amd64.deb
Files: 
 4b24103d02e186b60ce1594fc7a17343 1292 net optional miniupnpd_1.8.20130730-1.dsc
 5d0789e920a1b1160b04738c13e84e6a 149904 net optional miniupnpd_1.8.20130730.orig.tar.gz
 0114836bb9c5fa440f5100f1f37c2fd8 8872 net optional miniupnpd_1.8.20130730-1.debian.tar.xz
 bad2ba5fc85ac0fa97cac2cec7f033bf 67800 net optional miniupnpd_1.8.20130730-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iEYEARECAAYFAlH64YEACgkQl4M9yZjvmkkHFACfc3y5YTAyWvU4FCfy4Cb8RGAn
qmMAnjqcUZZgWFuPhT4OiKqwyPVxorKl
=xSqY
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Accepted libedit 3.1-20130712-1~exp3 (source amd64)
Next by Date: Accepted monkeysign 1.0 (source all)
Previous by thread: Accepted libedit 3.1-20130712-1~exp3 (source amd64)
Next by thread: Accepted monkeysign 1.0 (source all)
Index(es):
- Date
- Thread