[Git][security-tracker-team/security-tracker][master] Add pupnp-1.8/libupnp as well for CVE-2020-12695

Salvatore Bonaccorso carnil at debian.org
Sun Feb 21 13:02:15 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
962cf95d by Salvatore Bonaccorso at 2021-02-21T14:01:59+01:00
Add pupnp-1.8/libupnp as well for CVE-2020-12695

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -62945,11 +62945,16 @@ CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before 2020-
 	- gupnp 1.2.3-1
 	[buster] - gupnp 1.0.5-0+deb10u1
 	- minidlna 1.2.1+dfsg-3 (bug #976594)
+	- pupnp-1.8 <unfixed> (bug #983206)
+	[buster] - pupnp-1.8 <no-dsa> (Minor issue)
+	- libupnp <removed>
 	NOTE: https://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt
 	NOTE: https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
 	NOTE: https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
 	NOTE: https://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
 	NOTE: https://sourceforge.net/p/minidlna/git/ci/06ee114731612462eb1eb1266f0431ccf59269d2 (v1_3_0)
+	NOTE: https://github.com/pupnp/pupnp/commit/5f76bf2858dd601bd985bf37a1db9f262c0ff7bf (release-1.14.0)
+	NOTE: https://github.com/pupnp/pupnp/commit/7b3f0f5f497f9f493c82307af495b87fa9ebdacb (release-1.14.0)
 CVE-2020-12694
 	RESERVED
 CVE-2020-12693 (Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare c ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/962cf95dbe3c4126d076e42a6155ae744290f718

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/962cf95dbe3c4126d076e42a6155ae744290f718
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210221/5b4290e3/attachment.htm>

More information about the debian-security-tracker-commits mailing list