Package: libupnp
Severity: important
When using the UpnpSendActionAsync method (and possibly other Async
methods), the SDK stores the URL for the action in a struct
UpnpNonblockParam. This has a fixed length array for storing the action
URL of 100 characters. Some UPNP servers routinely generate
to base a serious application on
the current version. Either that or it's actually perfectly safe and I'm
just using it 'wrong' :)
Arthur
--
Arthur Taylor, +44 (0) 1223 271512
Reciva Limited,
509 Coldhams Lane,
Cambridge,
CB1 3JS. England
Fax: +44 (0) 1223 702991
diff -ur libupnp/upnp/inc
;
+//}
return 0;
} else if( status == PARSE_FAILURE ) {
--
Arthur Taylor, +44 (0) 1223 271512
Reciva Limited,
509 Coldhams Lane,
Cambridge,
CB1 3JS. England
Fax: +44 (0) 1223 702991
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact
Hi Nick,
Thanks for getting back. We used that patch here for a while so it was
sound against v1.2.1, but we have since embarked on a rewrite (because
that seemed easier than trying to weed out all the fixed-length buffers
and possible other liabilities). The rewrite is in a different
Package: gupnp-tools
Version: 0.6-1
Severity: normal
Tags: patch
gupnp-universal-cp can send UPnP arguments in the wrong order when
invoking actions. The UPnP spec requires that
action arguments are sent in the order in which they appear in the SCPD.
What's worse, the DLNA spec requires
Package: php-gettext
Version: 1.0.7-6
Severity: normal
Tags: patch
When included in a project that uses strict error checking (don't know
how may php projects do), the library fails out in a couple of places.
For example:
E_STRICT: Creating default object from empty value
in
Package: awesome
Version: 3.4.15-1+b1
Followup-For: Bug #744894
Seeing the same thing that Thierry reports here on 3.4.15-1+b1, using
google-chrome (34.0.1847.132)
Thanks,
Arthur
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500,
7 matches
Mail list logo
