Source: minidlna Version: 1.2.1+dfsg-2 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 1.2.1+dfsg-1
Hi, The following vulnerability was published for minidlna. CVE-2020-28926[0]: | ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code | execution. Sending a malicious UPnP HTTP request to the miniDLNA | service using HTTP chunked encoding can lead to a signedness bug | resulting in a buffer overflow in calls to memcpy/memmove. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-28926 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28926 [1] https://sourceforge.net/p/minidlna/git/ci/9fba41008adebc1da0f4f6c6e27ae422ace3fe4a Regards, Salvatore
