Your message dated Sat, 03 Aug 2019 19:06:20 +0000 with message-id <e1htzmc-0003mc...@fasolo.debian.org> and subject line Bug#930050: fixed in miniupnpd 1.8.20140523-4.1+deb9u2 has caused the Debian Bug report #930050, regarding miniupnpd: CVE-2019-12107 CVE-2019-12108 CVE-2019-12109 CVE-2019-12110 CVE-2019-12111 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 930050: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930050 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: miniupnpd Version: 2.1-5 Severity: grave Tags: security upstream Justification: user security hole Control: found -1 1.8.20140523-4.1+deb9u1 Control: found -1 1.8.20140523-1 Hi, The following vulnerabilities were published for miniupnpd. CVE-2019-12107[0]: | The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd | through 2.1 allows a remote attacker to leak information from the heap | due to improper validation of an snprintf return value. CVE-2019-12108[1]: | A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 | exists due to a NULL pointer dereference in GetOutboundPinholeTimeout | in upnpsoap.c for int_port. CVE-2019-12109[2]: | A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 | exists due to a NULL pointer dereference in GetOutboundPinholeTimeout | in upnpsoap.c for rem_port. CVE-2019-12110[3]: | An AddPortMapping Denial Of Service vulnerability in MiniUPnP | MiniUPnPd through 2.1 exists due to a NULL pointer dereference in | upnpredirect.c. CVE-2019-12111[4]: | A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 | exists due to a NULL pointer dereference in copyIPv6IfDifferent in | pcpserver.c. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-12107 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12107 [1] https://security-tracker.debian.org/tracker/CVE-2019-12108 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12108 [2] https://security-tracker.debian.org/tracker/CVE-2019-12109 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12109 [3] https://security-tracker.debian.org/tracker/CVE-2019-12110 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12110 [4] https://security-tracker.debian.org/tracker/CVE-2019-12111 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12111 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: miniupnpd Source-Version: 1.8.20140523-4.1+deb9u2 We believe that the bug you reported is fixed in the latest version of miniupnpd, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 930...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thomas Goirand <z...@debian.org> (supplier of updated miniupnpd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 07 Jun 2019 09:16:03 +0200 Source: miniupnpd Binary: miniupnpd Architecture: source Version: 1.8.20140523-4.1+deb9u2 Distribution: stretch Urgency: medium Maintainer: Thomas Goirand <z...@debian.org> Changed-By: Thomas Goirand <z...@debian.org> Description: miniupnpd - UPnP and NAT-PMP daemon for gateway routers Closes: 930050 Changes: miniupnpd (1.8.20140523-4.1+deb9u2) stretch; urgency=medium . * Applied upstream patches for CVE-2019-12107, CVE-2019-12108, CVE-2019-12109, CVE-2019-12110. This version looks like not affected by CVE-2019-12111. (Closes: #930050). Checksums-Sha1: 7bca0a9187fc3a15cf876120fdc6e6b044dd23fa 1973 miniupnpd_1.8.20140523-4.1+deb9u2.dsc c5447ef5ac5a938305799243d222756743ad4679 19660 miniupnpd_1.8.20140523-4.1+deb9u2.debian.tar.xz ca266c8ca29195879340b9e300bb988dd6e8e36b 6347 miniupnpd_1.8.20140523-4.1+deb9u2_amd64.buildinfo Checksums-Sha256: 9ed902ef2e830dd51a5e127a2d966cd664cc3d67c3d2c0ed7c33fe82deca0e27 1973 miniupnpd_1.8.20140523-4.1+deb9u2.dsc 28ce01d21d0d3695e0730193dccba3b17c9e40630a4252fc5d405a5fee105def 19660 miniupnpd_1.8.20140523-4.1+deb9u2.debian.tar.xz 50247febf9fe17931375c2c69008664365b6327678f321540660dea02afcb288 6347 miniupnpd_1.8.20140523-4.1+deb9u2_amd64.buildinfo Files: 2e1535564529d105dddc6018bd8df6ab 1973 net optional miniupnpd_1.8.20140523-4.1+deb9u2.dsc a71cd9f0aeb4ada47cd53c6b92e64fef 19660 net optional miniupnpd_1.8.20140523-4.1+deb9u2.debian.tar.xz 1abdf972d26b2ea9125c7b5a032ba8a0 6347 net optional miniupnpd_1.8.20140523-4.1+deb9u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAl0++9UACgkQ1BatFaxr Q/61JA/+ICg8UMdKn066FfjfR4heMsvky2RKzB1YN5Fhav7NOsiD9xrIY/qUAI5u JG7lZ0fXhMhQ2jNHyM1nPM8sTIphRFl5BmrS5XCdel9sKPGlc4aW5SmsWT7dP6k8 0aGAwMMxc6WagkAmL02xrre9YglyS4sCj9z48KtUMCEUO3v4rlvOJe4TuYnBwW1o q4zowDiYhC4NdNHPn2mC43bDTu7CtnoH4cY4wB8aX71cGqYaLAHjDElLbAsiE7tF p+Dn7YpDMcarpBFLpe7nuOnwgk0Q0636Zfcf4l4bpFrrh+fnQiVMbg7I60njK1vS wFsuaUC2LlpmDw1ljYmxn9w5vaRDGxewtohYXw+ipHHlsbM4bxdqoms7dYTh2H4k b9oqxtKwR78pXdyRdrkSx/K88rSFLX9TiVSMy5vpRX4k0n6UzXv0o/PKqa003WK2 Ti7Sr8aUHnsbIzgYTimEVPM2KxZw+KHsUqBVbNH5YTa4XrEOz/yTmnfivxDmGLkY qlFV7+GIusvoIqwLXlN2Vb+XPt4sTzNLBZAnhzMbMKei+dTvPwglal1hCawBipY8 Cv4gu/FMTQjRjGMbpord3F00PvnxFyr+XtxZOVWsAgY6sQiVM9TgqvNJpzLAOOo2 uUEhrjvmPcE33Z7C5eaKdX1jkvEBQft9aBLOcjrnJP4oWqWiHxY= =DjwX -----END PGP SIGNATURE-----
--- End Message ---
