On Thu, Oct 06, 2016 at 09:28:34PM +0200, Ludovic Courtès wrote:
> Leo Famulari skribis:
> > +From d64d6a44906b5aa5306bdf1708531d698654dda5 Mon Sep 17 00:00:00 2001
> > +From: Matthew Garrett
> > +Date: Tue, 23 Feb 2016 13:53:20 -0800
> > +Subject: [PATCH] Don't allow unhandled POSTs to write to
Leo Famulari skribis:
> * gnu/packages/patches/libupnp-CVE-2016-6255.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/libupnp.scm (libupnp): Use it.
[...]
> +From d64d6a44906b5aa5306bdf1708531d698654dda5 Mon Sep 17 00:00:00 2001
> +From: Matthew G
On Thu, Oct 06, 2016 at 02:16:26AM -0400, Leo Famulari wrote:
> Subject: [PATCH 0/1] libupnp remote filesystem access CVE-2016-6255
>
> You can use libupnp on a remote server to read and write the filesystem
> with the privileges of the libupnp process:
>
> http://seclists.o
* gnu/packages/patches/libupnp-CVE-2016-6255.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/libupnp.scm (libupnp): Use it.
---
gnu/local.mk | 1 +
gnu/packages/libupnp.scm | 2 +
gnu/packages/patches/libupnp
