Sorry, I accidentally made GUPnP depend on GSSDP 1.2.4 which is not released yet. This is not necessary, I will publish a 1.0.8 which lowers the requirement again.
> Hello everyone, > > GUPnP 1.0.7 and GUPnP 1.2.5 fix a potential DNS rebind issue. > > An impact of this would be that for example a user could be tricked > into opening a malicious web page that could scan the local network > for > UPnP media servers and download the user's shared files, or, if > enabled, even delete them. > > Upgrade to 1.2.5 (or where that is not possible, 1.0.7) is strongly > recommended. > > GUPnP 1.2.5 is also a maintainence release containing a number of > fixes, noted below: > > GUPnP 1.2.5 > =========== > - Fix introspection annotation for send_action_list > - Fix potential fd leak in linux CM > - Fix potential NULL pointer dereference when evaluating > unset ServiceProxyActions > - Fix leaking the message string if an action is never > sent > - Fix leaking the ServiceProxyAction if sending fails > in call_action > - Fix introspection annotation for send_action and > call_action_finish to prevent a double-free > - Make ServiceIntrospection usable from > gobject-introspection > - Add Python examle > - Add C example > - Fix JavaScript example > - Fix potential use-after-free if service proxy is > destroxed before libsoup request finishes in control > point > - Fix potential data leak due to being vulnerable to DNS > rebind attacs > > Bugs fixed in this release: > - https://gitlab.gnome.org/GNOME/gupnp/issues/47 > - https://gitlab.gnome.org/GNOME/gupnp/issues/46 > - https://gitlab.gnome.org/GNOME/gupnp/issues/23 > - https://gitlab.gnome.org/GNOME/gupnp/issues/24 > > All contributors to this release: > - Jens Georg <[email protected]> > - Doug Nazar <[email protected]> > - Andre Klapper <[email protected]> > > > _______________________________________________ > gnome-announce-list mailing list > [email protected] > https://mail.gnome.org/mailman/listinfo/gnome-announce-list _______________________________________________ gnome-announce-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/gnome-announce-list
