Re: libupnp buffer overflows

To: Florian Weimer <fw@deneb.enyo.de>
Cc: Touko Korpela <touko.korpela@iki.fi>, debian-security-tracker@lists.debian.org
Subject: Re: libupnp buffer overflows
From: Touko Korpela <touko.korpela@iki.fi>
Date: Fri, 18 May 2012 22:22:52 +0300
Message-id: <[🔎] 20120518192252.GA22318@tiikeri.vuoristo.local>
In-reply-to: <[🔎] 87aa15fhxz.fsf@mid.deneb.enyo.de>
References: <[🔎] 20120518103649.GA23535@lisko> <[🔎] 87aa15fhxz.fsf@mid.deneb.enyo.de>

On Fri, May 18, 2012 at 08:43:52PM +0200, Florian Weimer wrote:
> * Touko Korpela:
> 
> > Upstream changelog for libupnp (/usr/share/doc/libupnp6/changelog.gz) lists
> > many fixes for buffer overflows in version 1.6.16. Should this be added to
> > tracker and check if CVE number is allocated?
> 
> It seems that the list of issues is fairly long.  Have you got a list
> of source code commits?

Unfortunately, no. I only noticed this from the changelog.
Maybe maintainer and/or upstream can tell if this can be exploited.

Reply to:

References:
- libupnp buffer overflows
  - From: Touko Korpela <touko.korpela@iki.fi>
- Re: libupnp buffer overflows
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: libupnp buffer overflows
Next by Date: Weekly external check
Previous by thread: Re: libupnp buffer overflows
Next by thread: External check
Index(es):
- Date
- Thread