Your message dated Fri, 07 Jun 2019 00:10:15 +0000
with message-id <e1hz2sv-000hip...@fasolo.debian.org>
and subject line Bug#930050: fixed in miniupnpd 2.1-6
has caused the Debian Bug report #930050,
regarding miniupnpd: CVE-2019-12107 CVE-2019-12108 CVE-2019-12109 
CVE-2019-12110 CVE-2019-12111
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
930050: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930050
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: miniupnpd
Version: 2.1-5
Severity: grave
Tags: security upstream
Justification: user security hole
Control: found -1 1.8.20140523-4.1+deb9u1
Control: found -1 1.8.20140523-1

Hi,

The following vulnerabilities were published for miniupnpd.

CVE-2019-12107[0]:
| The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd
| through 2.1 allows a remote attacker to leak information from the heap
| due to improper validation of an snprintf return value.


CVE-2019-12108[1]:
| A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1
| exists due to a NULL pointer dereference in GetOutboundPinholeTimeout
| in upnpsoap.c for int_port.


CVE-2019-12109[2]:
| A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1
| exists due to a NULL pointer dereference in GetOutboundPinholeTimeout
| in upnpsoap.c for rem_port.


CVE-2019-12110[3]:
| An AddPortMapping Denial Of Service vulnerability in MiniUPnP
| MiniUPnPd through 2.1 exists due to a NULL pointer dereference in
| upnpredirect.c.


CVE-2019-12111[4]:
| A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1
| exists due to a NULL pointer dereference in copyIPv6IfDifferent in
| pcpserver.c.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-12107
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12107
[1] https://security-tracker.debian.org/tracker/CVE-2019-12108
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12108
[2] https://security-tracker.debian.org/tracker/CVE-2019-12109
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12109
[3] https://security-tracker.debian.org/tracker/CVE-2019-12110
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12110
[4] https://security-tracker.debian.org/tracker/CVE-2019-12111
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12111

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
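
Added illustration of the bug class named in CVE-2019-12107 above (a misused snprintf return value). It is not part of the original messages and is not miniupnpd code; the function names and the NOTIFY-style format string are constructed for the example.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Constructed example: hypothetical helpers, not taken from miniupnpd. */
#define FMT "NOTIFY %s HTTP/1.1\r\nSID: %s\r\n\r\n"

/* Unchecked pattern: treats snprintf's return value as "bytes now in buf".
 * snprintf returns the length the complete output WOULD have had, so when
 * the output is truncated the value is larger than bufsize. A caller that
 * later transmits that many bytes from buf reads past the allocation and
 * discloses adjacent heap contents. */
static int build_unchecked(char *buf, size_t bufsize,
                           const char *path, const char *sid)
{
    return snprintf(buf, bufsize, FMT, path, sid);
}

/* Checked pattern: rejects encoding errors and truncation, so the returned
 * length can never exceed what was actually written into buf. */
static int build_checked(char *buf, size_t bufsize,
                         const char *path, const char *sid)
{
    int n = snprintf(buf, bufsize, FMT, path, sid);
    if (n < 0 || (size_t)n >= bufsize)
        return -1;              /* caller must drop or resize, not send */
    return n;
}

int main(void)
{
    char small[16];
    /* Constructed inputs: the formatted message needs more than 16 bytes. */
    int claimed = build_unchecked(small, sizeof small, "/evt", "uuid:1");
    printf("buffer=%zu written=%zu claimed=%d\n",
           sizeof small, strlen(small), claimed);
    printf("checked=%d\n",
           build_checked(small, sizeof small, "/evt", "uuid:1"));
    return 0;
}
```
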
--- Begin Message ---
Source: miniupnpd
Source-Version: 2.1-6

We believe that the bug you reported is fixed in the latest version of
miniupnpd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 930...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated miniupnpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 07 Jun 2019 00:37:36 +0200
Source: miniupnpd
Binary: miniupnpd miniupnpd-dbgsym
Architecture: source amd64
Version: 2.1-6
Distribution: unstable
Urgency: medium
Maintainer: Thomas Goirand <z...@debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description:
 miniupnpd  - UPnP and NAT-PMP daemon for gateway routers
Closes: 930050
Changes:
 miniupnpd (2.1-6) unstable; urgency=medium
 .
   * Add upstream patches for CVE-2019-12107 CVE-2019-12108 CVE-2019-12109
     CVE-2019-12110 CVE-2019-12111 (Closes: #930050).

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
