Hi Yves, On 02/01/2013 09:29 PM, Yves-Alexis Perez wrote: > Package: djmount > Severity: grave > Tags: security > Justification: user security hole > > libupnp has multiple vulnerabilities in unique_service_name() function. > djmount embeds libupnp (which is a bad thing per se, another bug is > coming). > > As djmount is a “client” application I'm not sure it's really vulnerable > to this, so please investigate and adjust the severity if needed. > > Regards,
Sorry for the delay, djmount is always built using --with-external-libupnp and --with-external-talloc arguments to ensure is using libs provided by libtalloc-dev and libupnp-dev debian packages. Thanks for your interest. Regards. -- Dario Minnucci <mid...@debian.org> Phone: +34 902884117 | Fax: +34 902024417 | Support: +34 807450000 Key fingerprint = BAA1 7AAF B21D 6567 D457 D67D A82F BB83 F3D5 7033
signature.asc
Description: OpenPGP digital signature