On Thu, Oct 06, 2016 at 02:16:26AM -0400, Leo Famulari wrote: > Subject: [PATCH 0/1] libupnp remote filesystem access CVE-2016-6255 > > You can use libupnp on a remote server to read and write the filesystem > with the privileges of the libupnp process: > > http://seclists.org/oss-sec/2016/q3/102 > > This patch cherry-picks the upstream commit: > > https://github.com/mrjimenez/pupnp/commit/d64d6a44906b5aa5306bdf1708531d698654dda5 > > Leo Famulari (1): > gnu: libupnp: Fix CVE-2016-6255. > > gnu/local.mk | 1 + > gnu/packages/libupnp.scm | 2 + > gnu/packages/patches/libupnp-CVE-2016-6255.patch | 86 > ++++++++++++++++++++++++ > 3 files changed, 89 insertions(+) > create mode 100644 gnu/packages/patches/libupnp-CVE-2016-6255.patch > > -- > 2.10.1 >
Looks good to me -- Efraim Flashner <efr...@flashner.co.il> אפרים פלשנר GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted
signature.asc
Description: PGP signature
