** Changed in: minissdpd (Debian)
Status: Unknown = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/813313
Title:
[mir] minissdpd
To manage notifications about this bug go to:
This bug was fixed in the package minissdpd - 1.0.20110729-1
---
minissdpd (1.0.20110729-1) unstable; urgency=high
* New upstream release 1.0.20110729, fixing root exploit issue reported on
launchpad (Closes: #635836) (LP: #813313), thanks to Moritz Muehlenhoff
j...@debian.org
Hi,
I have uploaded version 1.0.20110729, which upstream is claiming to fix
the above issues. Please sync from SID if you want the latest version.
Cheers,
Thomas Goirand (zigo)
P.S: Thanks for sending a bug to my package, I wouldn't have spot it
otherwise. I'll register to this package bugs
** Branch linked: lp:debian/minissdpd
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/813313
Title:
[mir] minissdpd
To manage notifications about this bug go to:
Are you going to report this to Debian the upstream developer?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/813313
Title:
[mir] minissdpd
To manage notifications about this bug go to:
miniupnpc no longer Recommends but merely Suggests minissdpd, so a MIR
isn't needed. Thanks for the review, Kees!
** Changed in: minissdpd (Ubuntu)
Status: Incomplete = Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Yes, I've emailed upstream with the non-packaging bits of my audit.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/813313
Title:
[mir] minissdpd
To manage notifications about this bug go to:
http://www.openwall.com/lists/oss-security/2011/07/28/12
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/813313
Title:
[mir] minissdpd
To manage notifications about this bug go to:
This software should not be in main. It seems to be very buggy and
dangerous.
- auto-starts a network-listening port on all interfaces
- needlessly runs as root
- off-by-one in packet parsing can trigger crashes on unluckily alignment
minissdpd.c line ~290
- walk off end of memory without
Kees, ok, I'll just tell miniupnpc not to recommend this package then.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/813313
Title:
[mir] minissdpd
To manage notifications about this bug go to:
** Changed in: minissdpd (Ubuntu)
Assignee: (unassigned) = Michael Terry (mterry)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/813313
Title:
[mir] minissdpd
To manage notifications about
Approved from a packaging/maintenance perspective, but I'd like the
security team to look at this, since it runs a daemon.
** Changed in: minissdpd (Ubuntu)
Status: New = Confirmed
** Changed in: minissdpd (Ubuntu)
Assignee: Michael Terry (mterry) = Ubuntu Security Team
I almost forgot to mention that it would also be nice to see a bug
subscriber.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/813313
Title:
[mir] minissdpd
To manage notifications about this bug go
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/813313
Title:
[mir] minissdpd
To manage notifications about this bug go to:
14 matches
Mail list logo
