On 01/30/2013 10:26 PM, Scott Howard wrote:

> Hello Eric,
>
> You wrote: "Linux-igd is dead code, use very old libupnp version that contains numerous security holes. Besides this version is not compatible with IPV6 as required by UPnP IGD V2 specification."
>
> I believe you mean libupnp4 contains numerous security holes - have they been reported in Debian? That could be serious with implications beyond linux-igd and needs to be addressed immediately. I don't see any reported [1].

Look at the CVEs that have been filed regarding libupnp6 and the associated bugs.

> Are there security problems with linux-igd independent of libupnp4?

Yes, fixed in UPnP IGD V2 because the specifications themselves addressed the security concerns.

> It seems that the main bug is that linux-igd is not compatible with UPnP IGD V2. If that is the case, I don't think this is an RC bug (severity Grave). A "normal" severity seems more appropriate to me.
>
> Regards,
> Scott
>
> [1] http://bugs.debian.org/cgi-bin/pkgreport.cgi?ordering=normal;archive=0;src=

--
Eric Valette
Orange Lab Product and Services
Homebox Etudes Architecture et Développement
Architecte Livebox et Set Top Box
tél : (+33) 2 99 12 45 71
mél : <mailto:eric2.vale...@orange.com>
- Bug#699351: linux-gd obsolete and lubupnp4 Scott Howard