Format: 1.8
Date: Mon, 24 Oct 2016 08:54:59 +0100
Source: minissdpd
Binary: minissdpd
Architecture: arm64
Version: 1.2.20130907-3.2
Distribution: zesty-proposed
Urgency: high
Maintainer: Launchpad Build Daemon <buildd@bos01-arm64-028.buildd>
Changed-By: James Cowgill <jcowgill@debian.org>
Description:
 minissdpd  - keep memory of all UPnP devices that announced themselves
Closes: 816759
Changes:
 minissdpd (1.2.20130907-3.2) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2016-3178 and CVE-2016-3179. (Closes: #816759)
     The minissdpd daemon contains a improper validation of array index
     vulnerability (CWE-129) when processing requests sent to the Unix
     socket at /var/run/minissdpd.sock the Unix socket can be accessed
     by an unprivileged user to send invalid request causes an
     out-of-bounds memory access that crashes the minissdpd daemon.
Checksums-Sha1:
 bdc90ab3dc217d5d5f6870bb65ebbabe81dffbed 29064 minissdpd-dbgsym_1.2.20130907-3.2_arm64.ddeb
 4d56cdbb6eb202e5a000e6a53a86bc6faa3c9ed3 17408 minissdpd_1.2.20130907-3.2_arm64.deb
Checksums-Sha256:
 932a70e968dc7d85b2ffdaa3ebb4b45bd48d3d0adbaf4472bfbf5366f3381725 29064 minissdpd-dbgsym_1.2.20130907-3.2_arm64.ddeb
 6a53cb536d6d253aa33066f586aa673520500b984d325445a5a869dfdcd22cc2 17408 minissdpd_1.2.20130907-3.2_arm64.deb
Files:
 e11924cbf9f666d17c6b8cd9dd73a73f 29064 net extra minissdpd-dbgsym_1.2.20130907-3.2_arm64.ddeb
 c81162eab264dce0c620c8f5319ff9a3 17408 net optional minissdpd_1.2.20130907-3.2_arm64.deb