Upstream changelog for libupnp (/usr/share/doc/libupnp6/changelog.gz) lists many fixes for buffer overflows in version 1.6.16. Should this be added to tracker and check if CVE number is allocated?