[Secure-testing-team] Bug#699351: linux-igd is obsolete, use a very old libpunnp version subject to numerous security bug
Eric Valette
eric2.valette at orange.com
Wed Jan 30 14:42:11 UTC 2013
Package: linux-igd
Severity: grave
Tags: security
Justification: user security hole
Linux-igd is dead code, use very old libpunp version that contains
numerous security holes. Besides this version is not compatible with
IPV6 as required by UPnP IGD V2 specification.
So pklease obsolete this package and replace it with code at git://gitorious.org/igd2-for-linux/igd2-for-linux.git
-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.7.5 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF8, LC_CTYPE=en_US.UTF8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF8)
Shell: /bin/sh linked to /bin/bash
Versions of packages linux-igd depends on:
ii iptables 1.4.16.3-4
ii libc6 2.17-0experimental0
pn libupnp4 <none>
ii lsb-base 4.1+Debian9
linux-igd recommends no packages.
linux-igd suggests no packages.
More information about the Secure-testing-team
mailing list