Package: minidlna
Version: 1.3.0+dfsg-2.2
Severity: important
X-Debbugs-Cc: marcos.ca...@gmail.com

Dear Maintainer,


   * What led up to the situation? browse localhost:8200
   * What was the outcome of this action? "not found" page shown - logs show upnphttp.c:922: error: DNS rebinding attack suspected
   * What outcome did you expect instead? page shown.

Please note, this seems to be a security issue: https://security.snyk.io/vuln/SNYK-UNMANAGED-MINIDLNA-2419090


-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.17.0-1-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:es:en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages minidlna depends on:
ii  adduser              3.121
ii  init-system-helpers  1.62
ii  libavformat58        7:4.4.2-1
ii  libavutil56          7:4.4.2-1
ii  libc6                2.33-7
ii  libexif12            0.6.24-1
ii  libflac8             1.3.4-1
ii  libid3tag0           0.15.1b-14
ii  libjpeg62-turbo      1:2.1.2-1
ii  libogg0              1.3.4-0.1
ii  libsqlite3-0         3.38.5-1
ii  libvorbis0a          1.3.7-1
ii  lsb-base             11.1.0

minidlna recommends no packages.

minidlna suggests no packages.

-- Configuration Files:
/etc/minidlna.conf changed [not included]

-- no debconf information
