On 25 May 2022 22:13:27 +0800 Marcos Carot <marcos.ca...@gmail.com> wrote:
> Package: minidlna
> Version: 1.3.0+dfsg-2.2
> 
>    * What led up to the situation? browse localhost:8200
>    * What was the outcome of this action? "not found" page shown - 
>    logs show upnphttp.c:922: error: DNS rebinding attack suspected
>    * What outcome did you expect instead? page shown.
> 
> Please note, this seems to be a security issue:
> https://security.snyk.io/vuln/SNYK-UNMANAGED-MINIDLNA-2419090

Isn't that the result of the patch that addresses that specific issue?
IIUC version 1.3.0+dfsg-2.2 was specifically to address that.

https://tracker.debian.org/news/1315039/accepted-minidlna-130dfsg-22-source-into-unstable/

Changes:
 minidlna (1.3.0+dfsg-2.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2022-26505
     Validate HTTP requests to protect against DNS rebinding, thus forbid
     a remote web server to exfiltrate media files.
     (Closes: #1006798)

https://salsa.debian.org/debian/minidlna/-/commit/9017019ac446b945c92a976a8dcebab3d7789927
is the commit in the salsa repo for this.
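
An added illustration, not part of this message and not the code of the Debian patch: one way a server can validate requests against DNS rebinding is to accept only a numeric address in the `Host` header. Assuming a check of that kind (the patch itself is not shown on this page), `localhost:8200` is rejected while `127.0.0.1:8200` passes; `host_is_numeric` is a hypothetical helper and the sample values are constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from minidlna): returns 1 when the Host header
 * value is a numeric IPv4/IPv6 literal with an optional ":port" suffix,
 * 0 for hostnames. The port itself is not validated here. */
static int host_is_numeric(const char *host)
{
    char buf[64];
    unsigned char addr[sizeof(struct in6_addr)];
    const char *end;
    size_t len;

    if (host == NULL)
        return 0;
    if (host[0] == '[') {                    /* "[::1]:8200" form */
        end = strchr(host, ']');
        if (end == NULL || (end[1] != '\0' && end[1] != ':'))
            return 0;
        len = (size_t)(end - host - 1);
        if (len == 0 || len >= sizeof(buf))
            return 0;
        memcpy(buf, host + 1, len);
        buf[len] = '\0';
        return inet_pton(AF_INET6, buf, addr) == 1;
    }
    end = strchr(host, ':');                 /* "127.0.0.1:8200" form */
    len = end ? (size_t)(end - host) : strlen(host);
    if (len == 0 || len >= sizeof(buf))
        return 0;
    memcpy(buf, host, len);
    buf[len] = '\0';
    /* A rebinding page is always reached through a DNS name, so a name
     * in Host is refused; "localhost" is a name too and fails as well. */
    return inet_pton(AF_INET, buf, addr) == 1;
}

int main(void)
{
    /* Constructed sample Host header values. */
    const char *samples[] = { "localhost:8200", "127.0.0.1:8200",
                              "[::1]:8200", "rebind.example.test:8200" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-26s %s\n", samples[i],
               host_is_numeric(samples[i]) ? "accept" : "reject");
    return 0;
}
```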
