Hello,

as you may have noticed, the vulnerability has already been fixed.
Changelog.txt entry is:

2015/09/15:
  Fix buffer overflow in igd_desc_parse.c/IGDstartelt()
  Discovered by Aleksandar Nikolic of Cisco Talos

The last source code releases on http://miniupnp.free.fr/files/ :
miniupnpc-1.9.20150917.tar.gz
miniupnpc-1.9.20151008.tar.gz
are both fixed.
All previous releases are vulnerable.

Regards,
Thomas

On 22/10/2015 08:26, Salvatore Bonaccorso wrote:
> Source: miniupnpc
> Version: 1.5-2
> Severity: grave
> Tags: security patch upstream fixed-upstream
> Justification: user security hole
>
> Hi,
>
> the following vulnerability was published for miniupnpc.
>
> CVE-2015-6031[0]:
> Buffer overflow vulnerability in XML parser functionality
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2015-6031
> [1] https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78
>
> Regards,
> Salvatore
>