** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to miniupnpc in Ubuntu. https://bugs.launchpad.net/bugs/1506017
Title: TALOS-2015-0035 (CVE-2015-6031) Status in miniupnpc package in Ubuntu: Fix Released Bug description: Please upgrade the miniupnpc package, or backport a fix as soon as possible. There is a remote-exploitable (from LAN) bug in miniupnpc: See http://talosintel.com/reports/TALOS-2015-0035/ This affects transmission-gtk, as well as all other client software this uses this libary, such as bitcoind. The commit fixing the vulnerability is https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78 I have a PoC exploit for amd64, if interested contact me at laa...@gmail.com , use GPG keyid: 0x74810B012346C9A6 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/miniupnpc/+bug/1506017/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp