Bug#929613: stretch-pu: package minissdpd/1.2.20130907-4.1+deb9u1
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu
Dear stable release managers,
Please consider minissdpd (1.2.20130907-4.1+deb9u1) for stretch:
minissdpd (1.2.20130907-4.1+deb9u1) stretch; urgency=medium
* CVE-2019-12106: Prevent a use-after-free vulnerability that would allow a
remote attacker to crash the process. (Closes: #929297)
The full diff is attached. See #929297 for the rationale for why this is
not being released via a DSA.
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
diff --git a/debian/changelog b/debian/changelog
index c2260b7..236d53b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+minissdpd (1.2.20130907-4.1+deb9u1) stretch; urgency=medium
+
+ * CVE-2019-12106: Prevent a use-after-free vulnerability that would allow a
+ remote attacker to crash the process. (Closes: #929297)
+
+ -- Chris Lamb <lamby@debian.org> Mon, 27 May 2019 10:14:26 +0100
+
minissdpd (1.2.20130907-4.1) unstable; urgency=medium
* Non-maintainer upload.
diff --git a/debian/patches/CVE-2019-12106.patch b/debian/patches/CVE-2019-12106.patch
new file mode 100644
index 0000000..b7a0ced
--- /dev/null
+++ b/debian/patches/CVE-2019-12106.patch
@@ -0,0 +1,12 @@
+https://github.com/miniupnp/miniupnp/commit/cd506a67e174a45c6a202eff182a712955ed6d6f
+
+--- minissdpd-1.2.20130907.orig/minissdpd.c
++++ minissdpd-1.2.20130907/minissdpd.c
+@@ -113,6 +113,7 @@ updateDevice(const struct header * heade
+ if(!p) /* allocation error */
+ {
+ syslog(LOG_ERR, "updateDevice() : memory allocation error");
++ *pp = p->next; /* remove "p" from the list */
+ return 0;
+ }
+ *pp = p;
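Review bot: the added line `+ *pp = p->next; /* remove "p" from the list */` dereferences a NULL pointer, because it is placed inside the `if(!p) /* allocation error */` branch, where `p` is NULL by construction; on a failed allocation this error path now crashes immediately instead of returning 0. The line can only be correct if `p` still points at the old, valid list node, which requires the allocation result to be kept in a separate variable, roughly: `tmp = realloc(p, ...); if(!tmp) { syslog(...); *pp = p->next; free(p); return 0; } p = tmp;` followed by the existing `*pp = p;`. Note also that no `free()` appears in the shown context, so once the node is unlinked it is leaked rather than released. Please re-check the backport against the upstream commit named in the patch header: a statement that is valid there cannot be valid in a branch that is entered only when `p` is NULL, and the allocation line just above this hunk (not shown) is what determines the right shape of the fix for the stretch source.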
diff --git a/debian/patches/series b/debian/patches/series
index 5853ae9..8c92571 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@ link-with-lfreebsd-glue.patch
using-LDFLAGS-in-Makefile.patch
CVE-2016-3178.patch
CVE-2016-3179.patch
+CVE-2019-12106.patch