Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:pupnp
User: [email protected]
Usertags: pu

  * CVE-2026-41682: SSRF port confusion
diffstat for pupnp-1.14.20 pupnp-1.14.20

 changelog                                                      |    7 ++
 patches/0001-uri.c-Dominik-Blain-s-fix-for-vulnerability.patch |   31 
++++++++++
 patches/series                                                 |    1 
 3 files changed, 39 insertions(+)

diff -Nru pupnp-1.14.20/debian/changelog pupnp-1.14.20/debian/changelog
--- pupnp-1.14.20/debian/changelog      2024-12-15 20:06:48.000000000 +0200
+++ pupnp-1.14.20/debian/changelog      2026-06-22 14:21:09.000000000 +0300
@@ -1,3 +1,10 @@
+pupnp (1:1.14.20-1+deb13u1) trixie; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2026-41682: SSRF port confusion
+
+ -- Adrian Bunk <[email protected]>  Mon, 22 Jun 2026 14:21:09 +0300
+
 pupnp (1:1.14.20-1) unstable; urgency=medium
 
   * New upstream version 1.14.20
diff -Nru 
pupnp-1.14.20/debian/patches/0001-uri.c-Dominik-Blain-s-fix-for-vulnerability.patch
 
pupnp-1.14.20/debian/patches/0001-uri.c-Dominik-Blain-s-fix-for-vulnerability.patch
--- 
pupnp-1.14.20/debian/patches/0001-uri.c-Dominik-Blain-s-fix-for-vulnerability.patch
 1970-01-01 02:00:00.000000000 +0200
+++ 
pupnp-1.14.20/debian/patches/0001-uri.c-Dominik-Blain-s-fix-for-vulnerability.patch
 2026-06-22 14:20:40.000000000 +0300
@@ -0,0 +1,31 @@
+From 7e960b98f8079a1adf8d64ecd212e661db7f7c9c Mon Sep 17 00:00:00 2001
+From: Marcelo Roberto Jimenez <[email protected]>
+Date: Sat, 18 Apr 2026 13:01:35 -0300
+Subject: uri.c: Dominik Blain's fix for vulnerability
+
+See:
+https://github.com/pupnp/pupnp/security/advisories/GHSA-q522-6w45-4j58
+
+Signed-off-by: Marcelo Roberto Jimenez <[email protected]>
+---
+ upnp/src/genlib/net/uri/uri.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/upnp/src/genlib/net/uri/uri.c b/upnp/src/genlib/net/uri/uri.c
+index 772d671e..ea64d9ff 100644
+--- a/upnp/src/genlib/net/uri/uri.c
++++ b/upnp/src/genlib/net/uri/uri.c
+@@ -403,6 +403,10 @@ static int parse_hostport(
+               srvport = c;
+               while (*c != '\0' && isdigit(*c))
+                       c++;
++              long port_l = strtol(srvport, NULL, 10);
++              if (port_l <= 0 || port_l > 65535) {
++                      return UPNP_E_INVALID_URL;
++              }
+               port = (unsigned short int)atoi(srvport);
+               if (port == 0)
+                       /* Bad port number. */
+-- 
+2.47.3
+
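Review bot: The new range check in parse_hostport is not tied to the digit scan just above it, so the validated value and the consumed characters can disagree. `strtol` (like the `atoi` that follows) skips leading whitespace and accepts a sign, while the `isdigit` loop stops at the first non-digit; an authority such as `host:+80` would leave `c` at `srvport` yet still yield port 80, and how the rest of the function treats that is outside this hunk. Capturing the end pointer closes this: `char *end; long port_l = strtol(srvport, &end, 10);` followed by `if (end != c || port_l <= 0 || port_l > 65535) {`. The port string is also parsed twice; `port = (unsigned short int)port_l;` would reuse the checked value and make the later `if (port == 0)` branch visibly redundant. The function body begins and ends outside the hunk, so the surrounding return paths should be confirmed against the full file.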
diff -Nru pupnp-1.14.20/debian/patches/series 
pupnp-1.14.20/debian/patches/series
--- pupnp-1.14.20/debian/patches/series 1970-01-01 02:00:00.000000000 +0200
+++ pupnp-1.14.20/debian/patches/series 2026-06-22 14:21:07.000000000 +0300
@@ -0,0 +1 @@
+0001-uri.c-Dominik-Blain-s-fix-for-vulnerability.patch
