On Fri, May 18, 2012 at 08:43:52PM +0200, Florian Weimer wrote: > * Touko Korpela: > > > Upstream changelog for libupnp (/usr/share/doc/libupnp6/changelog.gz) lists > > many fixes for buffer overflows in version 1.6.16. Should this be added to > > tracker and check if CVE number is allocated? > > It seems that the list of issues is fairly long. Have you got a list > of source code commits?
Unfortunately, no. I only noticed this from the changelog. Maybe maintainer and/or upstream can tell if this can be exploited. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
