CVS: cvs.openbsd.org: ports

Stuart Henderson Tue, 29 Jan 2013 08:14:19 -0800

CVSROOT:        /cvs
Module name:    ports
Changes by:     st...@cvs.openbsd.org   2013/01/29 09:14:06


Modified files:
        net/libupnp    : Makefile distinfo 
        net/libupnp/pkg: PLIST 
Removed files:
        net/libupnp/pkg: PFRAG.shared 

Log message:
SECURITY update to libupnp 1.6.18   http://www.kb.cert.org/vuls/id/922681

- at least three remotely exploitable buffer overflows in the
unique_service_name() function, which is called to process incoming
SSDP requests on UDP port 1900.

- devices that use libupnp may also accept UPnP queries over the
WAN interface, therefore exposing the vulnerabilitites to the
internet.

(and roll shared libs from PFRAG.shared into PLIST while there).

CVS: cvs.openbsd.org: ports

Reply via email to