Bug#967996: buster-pu: package gupnp/1.0.5-0+deb10u1
Emilio Pozuelo Monfort
pochu at debian.org
Thu Aug 6 12:40:42 BST 2020
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org at packages.debian.org
Usertags: pu
Hi,
This fixes CVE-2020-12695 (CallStranger) in the gupnp library,
which benefits servers using it such as rygel. As for gssdp,
I updated to 1.0.5 as the other changes seemed sensible, but
let me know if you prefer a minimal update.
I found a bug in the update that could cause a remote user to
crash a server, it's been reviewed and fixed upstream, and is
included as a patch. With that, things seem to work well on
my (limited) tests and CallStranger is addressed.
Thanks,
Emilio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gupnp.debdiff.gz
Type: application/gzip
Size: 73476 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnome-maintainers/attachments/20200806/e8abb0f6/attachment-0001.gz>
More information about the pkg-gnome-maintainers
mailing list