Superseded
by minissdpd - 1.2.20130907-3+deb8u2build0.16.04.1
Published
Copied from
ubuntu xenial in
Private PPA for Ubuntu Security Team
by Ubuntu Archive Robot
Changelog
minissdpd (1.2.20130907-3+deb8u1build0.16.04.1) xenial-security; urgency=medium
* fake sync from Debian
minissdpd (1.2.20130907-3+deb8u1) jessie; urgency=high
* Non-maintainer upload.
* Fix CVE-2016-3178 and CVE-2016-3179. (Closes: #816759)
The minissdpd daemon contains a improper validation of array index
vulnerability (CWE-129) when processing requests sent to the Unix
socket at /var/run/minissdpd.sock the Unix socket can be accessed
by an unprivileged user to send invalid request causes an
out-of-bounds memory access that crashes the minissdpd daemon.
-- Mike Salvatore <email address hidden> Thu, 15 Nov 2018 15:26:35 -0500