Your message dated Sat, 08 Jun 2019 17:32:26 +0000 with message-id <e1hzfcc-000hlt...@fasolo.debian.org> and subject line Bug#929297: fixed in minissdpd 1.2.20130907-4.1+deb9u1 has caused the Debian Bug report #929297, regarding minissdpd: CVE-2019-12106 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 929297: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929297 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: minissdpd Version: 1.2.20130907-3+deb8u1 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for minissdpd. CVE-2019-12106[0]: | The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and | 1.5 allows a remote attacker to crash the process due to a Use After | Free vulnerability. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-12106 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12106 Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
--- End Message ---
--- Begin Message ---Source: minissdpd Source-Version: 1.2.20130907-4.1+deb9u1 We believe that the bug you reported is fixed in the latest version of minissdpd, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 929...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Lamb <la...@debian.org> (supplier of updated minissdpd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 27 May 2019 10:14:26 +0100 Source: minissdpd Binary: minissdpd Architecture: source amd64 Version: 1.2.20130907-4.1+deb9u1 Distribution: stretch Urgency: medium Maintainer: Thomas Goirand <z...@debian.org> Changed-By: Chris Lamb <la...@debian.org> Description: minissdpd - keep memory of all UPnP devices that announced themselves Closes: 929297 Changes: minissdpd (1.2.20130907-4.1+deb9u1) stretch; urgency=medium . * CVE-2019-12106: Prevent a use-after-free vulnerability that would allow a remote attacker to crash the process. (Closes: #929297) Checksums-Sha1: 73df7e00168675324260ac4b92694cd540c58f70 1961 minissdpd_1.2.20130907-4.1+deb9u1.dsc 9d548a55449e7eb2638631562cc35df9434b7a74 20237 minissdpd_1.2.20130907.orig.tar.gz 429f27387bda690a5ef02bc43056990c11668e66 7032 minissdpd_1.2.20130907-4.1+deb9u1.debian.tar.xz 6a28ee5ed764ef3fb06a07efafc23f61aeffab27 34204 minissdpd-dbgsym_1.2.20130907-4.1+deb9u1_amd64.deb 657b4760bff9c73b0a504e99d70d0f6788b2b3bc 6120 minissdpd_1.2.20130907-4.1+deb9u1_amd64.buildinfo ac0bfe0e859714c1731a2fbe4592219bc8777d83 20110 minissdpd_1.2.20130907-4.1+deb9u1_amd64.deb Checksums-Sha256: 2ddfcf6d30de6a343df000504badb874bbdfc30ce51f3c4e95280052907a6e37 1961 minissdpd_1.2.20130907-4.1+deb9u1.dsc 18bc5b9336947d63724c85402dbb8bb134eab2a2ba8ecae4446232f01683b468 20237 minissdpd_1.2.20130907.orig.tar.gz 30cb9a99dcde2c1007071ffe516e56738451f25ac28910232f08fd71f1a325c0 7032 minissdpd_1.2.20130907-4.1+deb9u1.debian.tar.xz 6cd08d88237deaec5358f983eee24207cd47c3cc58b46f47ce0f958bfb9f8d3a 34204 minissdpd-dbgsym_1.2.20130907-4.1+deb9u1_amd64.deb 1fa3c61180d9cf5ffd59ab647c52730baf3609d889c308296f6f962c5a84b93c 6120 minissdpd_1.2.20130907-4.1+deb9u1_amd64.buildinfo f60d9f067ab7d5a5dfef665acf3cd1802c798889644f615aa6437d7145643146 20110 minissdpd_1.2.20130907-4.1+deb9u1_amd64.deb Files: 979fb7e988a60a1c184fbc9d88ea28cd 1961 net optional minissdpd_1.2.20130907-4.1+deb9u1.dsc abe636faef155cd8f606bcb32cd257e9 20237 net optional minissdpd_1.2.20130907.orig.tar.gz ff5e5202f57f7a9179d9c48b2c5a00ff 7032 net optional minissdpd_1.2.20130907-4.1+deb9u1.debian.tar.xz 340d0aca34052783c62f74cb7a22244b 34204 debug extra minissdpd-dbgsym_1.2.20130907-4.1+deb9u1_amd64.deb e058c830292e368a380ac33e4044bdcf 6120 net optional minissdpd_1.2.20130907-4.1+deb9u1_amd64.buildinfo b7a7f5864a9476a712b314ae4391a7e9 20110 net optional minissdpd_1.2.20130907-4.1+deb9u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlz2peoACgkQHpU+J9Qx Hlj58RAAkrLfwCljKrirsxUc1oTTfaLDZh8I/NRkk7PJobZRvnR2Z+MxmtxRlhqS S+9GTaWEnINW5FMOQmguwNEOg/S5LLxrh9pGu5P7pxbOqFozOdeXzjE3b4/5LpNl vYfOHRoSy97Hf5QBeF3RB+ru50XrpYH5i5MtvRQSM3vhk70Hc2beOeFqe72q7sKU mx9lANebYf3qSoDJKHMzUX1wpVsZ2nCPAK9O2AAUBhDCDIQxNr0umIg4GCB9bu1H sTSLKb8ur+cGWcYUoBUjKWO6VMubcwbBXIcy+/WxqNHOTzoz80mqZdu2QbuYt6hm f+JEPixDi0Qpi8yr1OkjjGpb1vP1aolTUSnGRmVL/z9hJ53ThX0B2VNXDqTaFN3q tuBTiCB476WiTL1y94V4SOshmruK0iP2Z7+w4WluuE3EfqUScHMa9ZKqEDHl+eXS nSHxQ/YePcIwh7diLrNQER/RU7ZIt7YMyA0CUSCJQV/1NYECZ/K0yNu8WcakI5kZ 49YS0umyHhA1JRT94x7sKuDt99X9t/0NG74+WwAUSJ6i+fkjCERCdeZGd3Mn0piV 0pMLN16DuarfC1jSW640i4LtbLDnXCJLOztPHp9f6jAlo8wT85+cSXzYrVD82xm2 XQVpDjWE1m4LA2fEl42YHU6eNCaXFPbeKLQO1+Y9qrYkmnc18rA= =xE0V -----END PGP SIGNATURE-----
--- End Message ---
