Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 13a9c41a by Salvatore Bonaccorso at 2020-12-06T09:14:35+01:00 Revert "Mark minidlna issues as no-dsa" This reverts commit 1140fa69eb1c8fa380eb45a5949d7494a9914a25. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1654,7 +1654,6 @@ CVE-2020-28927 (There is a Stored XSS in Magicpin v2.1 in the User Registration NOT-FOR-US: Magicpin CVE-2020-28926 (ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code exe ...) - minidlna <unfixed> (bug #976595) - [buster] - minidlna <no-dsa> (Minor issue, DLNA only used in a trusted context) NOTE: https://www.rootshellsecurity.net/remote-heap-corruption-bug-discovery-minidlna/ NOTE: https://sourceforge.net/p/minidlna/git/ci/9fba41008adebc1da0f4f6c6e27ae422ace3fe4a (v1_3_0) CVE-2020-28925 @@ -41328,7 +41327,6 @@ CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before 2020- - gupnp 1.2.3-1 [buster] - gupnp 1.0.5-0+deb10u1 - minidlna <unfixed> (bug #976594) - [buster] - minidlna <no-dsa> (Minor issue, DLNA only used in a trusted context) NOTE: https://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt NOTE: https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch NOTE: https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13a9c41a09d82039fd9c6d437698c16f7a162cda -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13a9c41a09d82039fd9c6d437698c16f7a162cda You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits