Your message dated Wed, 19 Oct 2016 22:47:26 +0000
with message-id <[email protected]>
and subject line Bug#831857: fixed in libupnp 1:1.6.19+git20160116-1.1
has caused the Debian Bug report #831857,
regarding libupnp: CVE-2016-6255: write files via POST
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
831857: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831857
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libupnp
Version: 1:1.6.17-1
Severity: grave
Tags: security upstream
Justification: user security hole

Hi

See http://www.openwall.com/lists/oss-security/2016/07/18/13 and
https://twitter.com/mjg59/status/755062278513319936 .

Proposed fix:
https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libupnp
Source-Version: 1:1.6.19+git20160116-1.1

We believe that the bug you reported is fixed in the latest version of
libupnp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James Cowgill <[email protected]> (supplier of updated libupnp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 19 Oct 2016 21:03:51 +0100
Source: libupnp
Binary: libupnp6 libupnp6-dev libupnp-dev libupnp6-dbg libupnp6-doc
Architecture: source
Version: 1:1.6.19+git20160116-1.1
Distribution: unstable
Urgency: high
Maintainer: Nick Leverton <[email protected]>
Changed-By: James Cowgill <[email protected]>
Description:
 libupnp-dev - Portable SDK for UPnP Devices (development files)
 libupnp6   - Portable SDK for UPnP Devices, version 1.6 (shared libraries)
 libupnp6-dbg - debugging symbols for libupnp6
 libupnp6-dev - Portable SDK for UPnP Devices, version 1.6 (development files)
 libupnp6-doc - Documentation for the Portable SDK for UPnP Devices, version 1.6
Closes: 831857
Changes:
 libupnp (1:1.6.19+git20160116-1.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Don't allow unhandled POSTs to write to the filesystem by
     default (Closes: #831857) (CVE-2016-6255)
     Thanks to Matthew Garrett for the patch.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
