UbuntuUpdates.org

Package "libgupnp-doc"

Name: libgupnp-doc

Description:

GObject-based library for UPnP (documentation)

Latest version: 1.2.3-0ubuntu0.20.04.2
Release: focal (20.04)
Level: security
Repository: main
Head package: gupnp
Homepage: https://wiki.gnome.org/Projects/GUPnP

Links


Download "libgupnp-doc"


Other versions of "libgupnp-doc" in Focal

Repository Area Version
base main 1.2.2-1
updates main 1.2.4-0ubuntu1

Changelog

Version: 1.2.3-0ubuntu0.20.04.2 2021-06-01 13:06:25 UTC

  gupnp (1.2.3-0ubuntu0.20.04.2) focal-security; urgency=medium

  * SECURITY UPDATE: DNS rebinding issue
    - debian/patches/CVE-2021-33516.patch: make sure that the host header
      matches the context in libgupnp/gupnp-context-private.h,
      libgupnp/gupnp-context.c, libgupnp/gupnp-service.c.
    - CVE-2021-33516

 -- Marc Deslauriers <email address hidden> Fri, 28 May 2021 07:59:59 -0400

Source diff to previous version
CVE-2021-33516 An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnera

Version: 1.2.3-0ubuntu0.20.04.1 2020-09-15 12:06:54 UTC

  gupnp (1.2.3-0ubuntu0.20.04.1) focal-security; urgency=medium

  * Updated to 1.2.3 to fix security issue.
    - debian/control.in: require libgssdp-1.2-dev (>= 1.2.3)
    - CVE-2020-12695

 -- Marc Deslauriers <email address hidden> Mon, 14 Sep 2020 09:18:59 -0400

CVE-2020-12695 The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on



About   -   Send Feedback to @ubuntu_updates