Format: 1.8
Date: Mon, 24 Oct 2016 08:54:59 +0100
Source: minissdpd
Binary: minissdpd
Architecture: i386
Version: 1.2.20130907-3.2
Distribution: zesty-proposed
Urgency: high
Maintainer: Launchpad Build Daemon <buildd@lcy01-07.buildd>
Changed-By: James Cowgill <jcowgill@debian.org>
Description:
 minissdpd  - keep memory of all UPnP devices that announced themselves
Closes: 816759
Changes:
 minissdpd (1.2.20130907-3.2) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2016-3178 and CVE-2016-3179. (Closes: #816759)
     The minissdpd daemon contains a improper validation of array index
     vulnerability (CWE-129) when processing requests sent to the Unix
     socket at /var/run/minissdpd.sock the Unix socket can be accessed
     by an unprivileged user to send invalid request causes an
     out-of-bounds memory access that crashes the minissdpd daemon.
Checksums-Sha1:
 d874033fd0538e28e2c1bf9b633e7ba11ef44cd9 25774 minissdpd-dbgsym_1.2.20130907-3.2_i386.ddeb
 4a31be5293fd5112d9bb89cf5ca9f84bb978bd06 19204 minissdpd_1.2.20130907-3.2_i386.deb
Checksums-Sha256:
 a815930301ef91e246f1b6bb30c6eb20b129f53c757fcb09001a5e16ba773a40 25774 minissdpd-dbgsym_1.2.20130907-3.2_i386.ddeb
 3c43550fd382cfeb526962a61f4465a9d54278e7d5bebcb27a9cb632a7b05331 19204 minissdpd_1.2.20130907-3.2_i386.deb
Files:
 c0b0e51b2c333879035fcd2b95e27748 25774 net extra minissdpd-dbgsym_1.2.20130907-3.2_i386.ddeb
 2fdc73134adffdf32e01150ad2043d6d 19204 net optional minissdpd_1.2.20130907-3.2_i386.deb