Subject: [PATCH 0/1] libupnp remote filesystem access CVE-2016-6255 You can use libupnp on a remote server to read and write the filesystem with the privileges of the libupnp process:
http://seclists.org/oss-sec/2016/q3/102 This patch cherry-picks the upstream commit: https://github.com/mrjimenez/pupnp/commit/d64d6a44906b5aa5306bdf1708531d698654dda5 Leo Famulari (1): gnu: libupnp: Fix CVE-2016-6255. gnu/local.mk | 1 + gnu/packages/libupnp.scm | 2 + gnu/packages/patches/libupnp-CVE-2016-6255.patch | 86 ++++++++++++++++++++++++ 3 files changed, 89 insertions(+) create mode 100644 gnu/packages/patches/libupnp-CVE-2016-6255.patch -- 2.10.1
