Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:pupnp
User: [email protected]
Usertags: pu

* CVE-2026-41682: SSRF port confusion
diffstat for pupnp-1.14.20 pupnp-1.14.20 changelog | 7 ++ patches/0001-uri.c-Dominik-Blain-s-fix-for-vulnerability.patch | 31 ++++++++++ patches/series | 1 3 files changed, 39 insertions(+) diff -Nru pupnp-1.14.20/debian/changelog pupnp-1.14.20/debian/changelog --- pupnp-1.14.20/debian/changelog 2024-12-15 20:06:48.000000000 +0200 +++ pupnp-1.14.20/debian/changelog 2026-06-22 14:21:09.000000000 +0300 @@ -1,3 +1,10 @@ +pupnp (1:1.14.20-1+deb13u1) trixie; urgency=medium + + * Non-maintainer upload. + * CVE-2026-41682: SSRF port confusion + + -- Adrian Bunk <[email protected]> Mon, 22 Jun 2026 14:21:09 +0300 + pupnp (1:1.14.20-1) unstable; urgency=medium * New upstream version 1.14.20 diff -Nru pupnp-1.14.20/debian/patches/0001-uri.c-Dominik-Blain-s-fix-for-vulnerability.patch pupnp-1.14.20/debian/patches/0001-uri.c-Dominik-Blain-s-fix-for-vulnerability.patch --- pupnp-1.14.20/debian/patches/0001-uri.c-Dominik-Blain-s-fix-for-vulnerability.patch 1970-01-01 02:00:00.000000000 +0200 +++ pupnp-1.14.20/debian/patches/0001-uri.c-Dominik-Blain-s-fix-for-vulnerability.patch 2026-06-22 14:20:40.000000000 +0300 
@@ -0,0 +1,31 @@ +From 7e960b98f8079a1adf8d64ecd212e661db7f7c9c Mon Sep 17 00:00:00 2001 +From: Marcelo Roberto Jimenez <[email protected]> +Date: Sat, 18 Apr 2026 13:01:35 -0300 +Subject: uri.c: Dominik Blain's fix for vulnerability + +See: +https://github.com/pupnp/pupnp/security/advisories/GHSA-q522-6w45-4j58 + +Signed-off-by: Marcelo Roberto Jimenez <[email protected]> +--- + upnp/src/genlib/net/uri/uri.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/upnp/src/genlib/net/uri/uri.c b/upnp/src/genlib/net/uri/uri.c +index 772d671e..ea64d9ff 100644 +--- a/upnp/src/genlib/net/uri/uri.c ++++ b/upnp/src/genlib/net/uri/uri.c +@@ -403,6 +403,10 @@ static int parse_hostport( + srvport = c; + while (*c != '\0' && isdigit(*c)) + c++; ++ long port_l = strtol(srvport, NULL, 10); ++ if (port_l <= 0 || port_l > 65535) { ++ return UPNP_E_INVALID_URL; ++ } + port = (unsigned short int)atoi(srvport); + if (port == 0) + /* Bad port number. */ +-- +2.47.3 + diff -Nru pupnp-1.14.20/debian/patches/series pupnp-1.14.20/debian/patches/series --- pupnp-1.14.20/debian/patches/series 1970-01-01 02:00:00.000000000 +0200 +++ pupnp-1.14.20/debian/patches/series 2026-06-22 14:21:07.000000000 +0300 @@ -0,0 +1 @@ +0001-uri.c-Dominik-Blain-s-fix-for-vulnerability.patch
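Review bot: In the parse_hostport hunk of the embedded uri.c patch, the port string is still parsed a second time after the new range check: the unchanged `port = (unsigned short int)atoi(srvport);` and `if (port == 0)` follow the added `strtol(srvport, NULL, 10)` test. Once `port_l` is known to lie in 1..65535, assigning `port = (unsigned short int)port_l;` would leave a single parse as the source of truth, remove the truncating cast of an unchecked `atoi` result, and make the `port == 0` branch dead code that can go. Two smaller points: `long port_l` is declared after statements in the block, which is worth checking against the C dialect the package builds with, and the added `return UPNP_E_INVALID_URL;` exits before the existing bad-port branch, whose body is not visible in this context, so confirm that both paths report the same error.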
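Review bot: The new debian/changelog entry names only the CVE; it does not say which patch carries the fix or where it came from. Extending the `* CVE-2026-41682: SSRF port confusion` line with the patch name (0001-uri.c-Dominik-Blain-s-fix-for-vulnerability.patch) or the upstream commit and advisory cited in the patch header (7e960b98f8079a1adf8d64ecd212e661db7f7c9c, GHSA-q522-6w45-4j58) would let a reader of the changelog alone trace the change.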

