Format: 1.8 Date: Mon, 24 Oct 2016 08:54:59 +0100 Source: minissdpd Binary: minissdpd Architecture: amd64 Version: 1.2.20130907-3.2 Distribution: zesty Urgency: high Maintainer: Launchpad Build Daemon Changed-By: James Cowgill Description: minissdpd - keep memory of all UPnP devices that announced themselves Closes: 816759 Changes: minissdpd (1.2.20130907-3.2) unstable; urgency=high . * Non-maintainer upload. * Fix CVE-2016-3178 and CVE-2016-3179. (Closes: #816759) The minissdpd daemon contains a improper validation of array index vulnerability (CWE-129) when processing requests sent to the Unix socket at /var/run/minissdpd.sock the Unix socket can be accessed by an unprivileged user to send invalid request causes an out-of-bounds memory access that crashes the minissdpd daemon. Checksums-Sha1: c6e45a39a6758faec2fe9c167a89cc41edf80ab7 18562 minissdpd_1.2.20130907-3.2_amd64.deb Checksums-Sha256: 2cd3235566bfa9fc2490626d7c3f4cd07616eafcd32a7694717ba0de42d25331 18562 minissdpd_1.2.20130907-3.2_amd64.deb Files: 668db73f80c48c59aaeb04ea1c47ed64 18562 net optional minissdpd_1.2.20130907-3.2_amd64.deb