[Git][security-tracker-team/security-tracker][master] Revert "Mark minidlna issues as no-dsa"

Sun, 06 Dec 2020 00:15:41 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
13a9c41a by Salvatore Bonaccorso at 2020-12-06T09:14:35+01:00
Revert "Mark minidlna issues as no-dsa"

This reverts commit 1140fa69eb1c8fa380eb45a5949d7494a9914a25.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1654,7 +1654,6 @@ CVE-2020-28927 (There is a Stored XSS in Magicpin v2.1 in 
the User Registration
        NOT-FOR-US: Magicpin
 CVE-2020-28926 (ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote 
code exe ...)
        - minidlna <unfixed> (bug #976595)
-       [buster] - minidlna <no-dsa> (Minor issue, DLNA only used in a trusted 
context)
        NOTE: 
https://www.rootshellsecurity.net/remote-heap-corruption-bug-discovery-minidlna/
        NOTE: 
https://sourceforge.net/p/minidlna/git/ci/9fba41008adebc1da0f4f6c6e27ae422ace3fe4a
 (v1_3_0)
 CVE-2020-28925
@@ -41328,7 +41327,6 @@ CVE-2020-12695 (The Open Connectivity Foundation UPnP 
specification before 2020-
        - gupnp 1.2.3-1
        [buster] - gupnp 1.0.5-0+deb10u1
        - minidlna <unfixed> (bug #976594)
-       [buster] - minidlna <no-dsa> (Minor issue, DLNA only used in a trusted 
context)
        NOTE: 
https://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt
        NOTE: 
https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
        NOTE: 
https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13a9c41a09d82039fd9c6d437698c16f7a162cda

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13a9c41a09d82039fd9c6d437698c16f7a162cda
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to