[Secure-testing-team] Bug#831857: libupnp: write files via POST
Salvatore Bonaccorso
carnil at debian.org
Wed Jul 20 09:03:34 UTC 2016
Source: libupnp
Version: 1:1.6.17-1
Severity: grave
Tags: security upstream
Justification: user security hole
Hi
See http://www.openwall.com/lists/oss-security/2016/07/18/13 and
https://twitter.com/mjg59/status/755062278513319936 .
Proposed fix:
https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd
Regards,
Salvatore
More information about the Secure-testing-team
mailing list