Bug#967996: buster-pu: package gupnp/1.0.5-0+deb10u1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#967996: buster-pu: package gupnp/1.0.5-0+deb10u1
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Thu, 06 Aug 2020 13:40:42 +0200
Message-id: <[🔎] 159671404276.5344.14686949467948014400.reportbug@andromeda>
Reply-to: Emilio Pozuelo Monfort <pochu@debian.org>, 967996@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

This fixes CVE-2020-12695 (CallStranger) in the gupnp library,
which benefits servers using it such as rygel. As for gssdp,
I updated to 1.0.5 as the other changes seemed sensible, but
let me know if you prefer a minimal update.

I found a bug in the update that could cause a remote user to
crash a server, it's been reviewed and fixed upstream, and is
included as a patch. With that, things seem to work well on
my (limited) tests and CallStranger is addressed.

Thanks,
Emilio

Attachment: gupnp.debdiff.gz
Description: application/gzip

Reply to:

Follow-Ups:
- Bug#967996: gupnp 1.0.5-0+deb10u1 flagged for acceptance
  - From: Adam D Barratt <adam@adam-barratt.org.uk>

Prev by Date: NEW changes in stable-new
Next by Date: Bug#965355: marked as done (transition: ace)
Previous by thread: Processed: Re: Bug#819728: okular: add support to verify CA signed & timestamped PDF
Next by thread: Bug#967996: gupnp 1.0.5-0+deb10u1 flagged for acceptance
Index(es):
- Date
- Thread