Oh, so there is no way now to access the web page from minidlna? Cheers. On Fri, 8 Jul 2022 at 21:06, Diederik de Haas <didi.deb...@cknow.org> wrote:
> On 25 May 2022 22:13:27 +0800 Marcos Carot <marcos.ca...@gmail.com> wrote: > > Package: minidlna > > Version: 1.3.0+dfsg-2.2 > > > > * What led up to the situation? browse localhost:8200 > > * What was the outcome of this action? "not found" page shown - > > logs show upnphttp.c:922: error: DNS rebinding attack suspected > > * What outcome did you expect instead? page shown. > > > > Please note, this seems to be a security issue: > > https://security.snyk.io/vuln/SNYK-UNMANAGED-MINIDLNA-2419090 > > Isn't that the result of the patch that addresses that specific issue? > IIUC version 1.3.0+dfsg-2.2 was specifically to address that. > > > https://tracker.debian.org/news/1315039/accepted-minidlna-130dfsg-22-source-into-unstable/ > > Changes: > minidlna (1.3.0+dfsg-2.2) unstable; urgency=medium > . > * Non-maintainer upload. > * CVE-2022-26505 > Validate HTTP requests to protect against DNS rebinding, thus forbid > a remote web server to exfiltrate media files. > (Closes: #1006798) > > > https://salsa.debian.org/debian/minidlna/-/commit/9017019ac446b945c92a976a8dcebab3d7789927 > is the commit in the salsa repo for this. -- Marcos R Carot