UbuntuUpdates.org

Package "libminiupnpc10"

Name: libminiupnpc10

Description:

UPnP IGD client lightweight library

Latest version: 1.9.20140610-2ubuntu2.16.04.2
Release: xenial (16.04)
Level: security
Repository: main
Head package: miniupnpc
Homepage: http://miniupnp.free.fr/

Links


Download "libminiupnpc10"


Other versions of "libminiupnpc10" in Xenial

Repository Area Version
base main 1.9.20140610-2ubuntu2
updates main 1.9.20140610-2ubuntu2.16.04.2

Changelog

Version: 1.9.20140610-2ubuntu2.16.04.2 2018-02-07 20:06:37 UTC

  miniupnpc (1.9.20140610-2ubuntu2.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: multiple overflows
    - debian/patches/CVE-2017-1000494-1.patch: properly initialize data
      structure for SOAP parsing in upnpreplyparse.c.
    - debian/patches/CVE-2017-1000494-2.patch: fix heap buffer overflow in
      minixml.c.
    - CVE-2017-1000494

 -- Marc Deslauriers <email address hidden> Wed, 31 Jan 2018 13:46:02 -0500

Source diff to previous version

Version: 1.9.20140610-2ubuntu2.16.04.1 2017-05-24 14:06:47 UTC

  miniupnpc (1.9.20140610-2ubuntu2.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: integer signedness error
    - debian/patches/CVE-2017-8798_integer_signedness_error.patch: fix
      comparisons in miniwget.c.
    - CVE-2017-8798
  * SECURITY UPDATE: buffer overflow in simpleUPnPcommand2
    - debian/patches/More_accurate_checking_*.patch: perform better
      checking while writing buffer in miniupnpc.c.
    - No CVE number

 -- Marc Deslauriers <email address hidden> Fri, 19 May 2017 11:18:26 -0400

CVE-2017-8798 Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspe



About   -   Send Feedback to @ubuntu_updates