On Sun, 31 Mar 2024 22:00:58 +0200 Salvatore Bonaccorso <car...@debian.org> wrote:
> Source: minidlna
> Version: 1.3.3+dfsg-1
> Severity: important
> Tags: security upstream
> Forwarded: https://sourceforge.net/p/minidlna/bugs/361/
> X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
>
> Hi,
>
> The following vulnerability was published for minidlna.
>
> CVE-2023-47430[0]:
> | Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.3.3
> | allows attackers to cause a denial of service via via the
> | SendContainer() function at tivo_commands.c.
>

Correct me if I'm wrong, but I didn't enable TiVo support in minidlna in Debian. So none of the Debian releases are vulnerable.

There was version 1.3.3+dfsg-0.2 which enables this flag, but I rolled this back in 1.3.3+dfsg-1.

--
Best regards,
Alexander Gerasiov

Contacts:
e-mail: a...@gerasiov.net
WWW: https://gerasiov.net
TG/Skype: gerasiov
PGP fingerprint: 04B5 9D90 DF7C C2AB CD49 BAEA CA87 E9E8 2AAC 33F1