Your message dated Sat, 17 Dec 2016 22:02:13 +0000 with message-id <e1cin3v-000gza...@fasolo.debian.org> and subject line Bug#842093: fixed in libupnp 1:1.6.19+git20141001-1+deb8u1 has caused the Debian Bug report #842093, regarding libupnp: CVE-2016-8863 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 842093: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842093 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libupnp Version: 1:1.6.19+git20141001-1 Severity: grave Tags: security upstream Hi, the following vulnerability was published for libupnp. The issue is reproducible easily if libupnp compiled with ASAN and following the reproducing steps in the upstream bugreport. CVE-2016-8863[0]: Buffer overflow in create_url_list If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-8863 [1] https://sourceforge.net/p/pupnp/bugs/133/ Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: libupnp Source-Version: 1:1.6.19+git20141001-1+deb8u1 We believe that the bug you reported is fixed in the latest version of libupnp, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 842...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Uwe Kleine-König <uklei...@debian.org> (supplier of updated libupnp package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 13 Dec 2016 11:46:31 +0100 Source: libupnp Binary: libupnp6 libupnp6-dev libupnp-dev libupnp6-dbg libupnp6-doc Architecture: source arm64 all Version: 1:1.6.19+git20141001-1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Nick Leverton <n...@leverton.org> Changed-By: Uwe Kleine-König <uklei...@debian.org> Description: libupnp-dev - Portable SDK for UPnP Devices (development files) libupnp6 - Portable SDK for UPnP Devices, version 1.6 (shared libraries) libupnp6-dbg - debugging symbols for libupnp6 libupnp6-dev - Portable SDK for UPnP Devices, version 1.6 (development files) libupnp6-doc - Documentation for the Portable SDK for UPnP Devices, version 1.6 Closes: 831857 842093 Changes: libupnp (1:1.6.19+git20141001-1+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * backport fixes for CVE-2016-6255 and CVE-2016-8863 (Closes: #831857, #842093) Checksums-Sha1: ca174468c229f9b8393926bb89d2b6bbd53c514a 1770 libupnp_1.6.19+git20141001-1+deb8u1.dsc be20a689154f052600a08862a0153b6c52f1ce02 1228484 libupnp_1.6.19+git20141001.orig.tar.bz2 89bb3566cb115793c6953c2f92816eaa52fe113f 26280 libupnp_1.6.19+git20141001-1+deb8u1.debian.tar.xz d8b5c5d573915e799a2169572c23ee351a65ef05 141658 libupnp6_1.6.19+git20141001-1+deb8u1_arm64.deb 7aa2cedf512eef28e2fe4abbda81544290edf75e 201432 libupnp6-dev_1.6.19+git20141001-1+deb8u1_arm64.deb d340ca4daf8f00bc315f80b9dd06f11399fe39ce 47394 libupnp-dev_1.6.19+git20141001-1+deb8u1_all.deb c29229b4aa9842ce445281fb3f40d95e9e103977 393430 libupnp6-dbg_1.6.19+git20141001-1+deb8u1_arm64.deb cc9754e014d7c725d4d4f24ead45c0408c95f39f 12751656 libupnp6-doc_1.6.19+git20141001-1+deb8u1_all.deb Checksums-Sha256: 30a8b2d7885fc667bc05916a7d47c28bb8f00feb9715ffbc54e51e2e7f591a4e 1770 libupnp_1.6.19+git20141001-1+deb8u1.dsc d2a0713285f8a1d1a633def7498e24d1341bc086c0c53d92fdda71c431386919 1228484 libupnp_1.6.19+git20141001.orig.tar.bz2 23392ebd3bf2b6697cddb163cf24c8f40af88eff1820024bbd43c9ba800a2c02 26280 libupnp_1.6.19+git20141001-1+deb8u1.debian.tar.xz f15bfe29344e85370cb8fc2d557af6b68a7159787779f865fe0cf1a013c081e5 141658 libupnp6_1.6.19+git20141001-1+deb8u1_arm64.deb ac605bb3f0cb494f5ac55ac413e4e2568e815195cef23b05d45eb51ff5b71c41 201432 libupnp6-dev_1.6.19+git20141001-1+deb8u1_arm64.deb fec72b2b58e04650e8e39856f796bbb5bf6946006ec0d863938804f13c9901a6 47394 libupnp-dev_1.6.19+git20141001-1+deb8u1_all.deb 595dfc062fe7bf72ca7b6822dd9a7f5058c463e355aa40b2eeca855ed071c985 393430 libupnp6-dbg_1.6.19+git20141001-1+deb8u1_arm64.deb 5733e488d8b00115312dfa971b8825bf990897895e246c7fd700576f8161135b 12751656 libupnp6-doc_1.6.19+git20141001-1+deb8u1_all.deb Files: d46eee8441b71d9e77c2eb9a80a0480a 1770 net optional libupnp_1.6.19+git20141001-1+deb8u1.dsc eeac640f9cc420c8b4ed2e17094704c7 1228484 net optional libupnp_1.6.19+git20141001.orig.tar.bz2 f744c68d36208b53a3cbc8949ae78e98 26280 net optional libupnp_1.6.19+git20141001-1+deb8u1.debian.tar.xz 849a6b8fe54ea453e829d1ed808906c3 141658 libs optional libupnp6_1.6.19+git20141001-1+deb8u1_arm64.deb 16fc2c9d6f473d4a11e560400f8724be 201432 libdevel optional libupnp6-dev_1.6.19+git20141001-1+deb8u1_arm64.deb ceb3975efb6e03b8d0d9aeb34a99b60f 47394 libdevel optional libupnp-dev_1.6.19+git20141001-1+deb8u1_all.deb eee152b7437892edf32888d47d82fb2a 393430 debug extra libupnp6-dbg_1.6.19+git20141001-1+deb8u1_arm64.deb 59ddb88cc435d7b714754fb065bb05ad 12751656 doc optional libupnp6-doc_1.6.19+git20141001-1+deb8u1_all.deb -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEfnIqFpAYrP8+dKQLwfwUeK3K7AkFAlhQUP4ACgkQwfwUeK3K 7AmqaAf/fRRTkiH2MosrPYH0Is8DqNWvpTB5S+yAAFTylzUH6CxET7G2lb2Z3V3T yaRHaHanJNAFW2S26dlhcfbEhqD4b0wqUzl+Ypiu7S/5GP7gkZ20f0pKWxAPgpvS tGbUsGl+BHscSS/pcUB/10GpSNmbyczppaXlGeUe9SK4hTL18l2U8ha9HFw2V43C nDOMjl/BR/b4JugXvgNF1S1FSty3EkU3zh4nXU5vfLgl9iaItoOgD13MjpQbbEIe wBoSxMMRTf+UOe3PVLOPSyhI0QkdzPN5H3XEHMfgfHWE5J+mw6JDxJ4p2qUBkchA WdfvTn8ZAn4LQnigovZVPUMC28xYZQ== =u/Xp -----END PGP SIGNATURE-----
--- End Message ---
