Source: minidlna Version: 1.2.1+dfsg-2 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 1.2.1+dfsg-1
Hi, The following vulnerability was published for minidlna. CVE-2020-12695[0]: | The Open Connectivity Foundation UPnP specification before 2020-04-17 | does not forbid the acceptance of a subscription request with a | delivery URL on a different network segment than the fully qualified | event-subscription URL, aka the CallStranger issue. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-12695 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12695 [1] https://sourceforge.net/p/minidlna/git/ci/06ee114731612462eb1eb1266f0431ccf59269d2 Regards, Salvatore
