Your message dated Tue, 22 Dec 2020 08:41:03 +0000
with message-id <e1krde7-0000pr...@fasolo.debian.org>
and subject line Bug#976594: fixed in minidlna 1.2.1+dfsg-3
has caused the Debian Bug report #976594,
regarding minidlna: CVE-2020-12695
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
976594: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976594
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: minidlna
Version: 1.2.1+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 1.2.1+dfsg-1
Hi,
The following vulnerability was published for minidlna.
CVE-2020-12695[0]:
| The Open Connectivity Foundation UPnP specification before 2020-04-17
| does not forbid the acceptance of a subscription request with a
| delivery URL on a different network segment than the fully qualified
| event-subscription URL, aka the CallStranger issue.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-12695
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12695
[1] https://sourceforge.net/p/minidlna/git/ci/06ee114731612462eb1eb1266f0431ccf59269d2
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: minidlna
Source-Version: 1.2.1+dfsg-3
Done: Alexander GQ Gerasiov <g...@debian.org>
We believe that the bug you reported is fixed in the latest version of
minidlna, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 976...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alexander GQ Gerasiov <g...@debian.org> (supplier of updated minidlna package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 22 Dec 2020 11:05:27 +0300
Source: minidlna
Architecture: source
Version: 1.2.1+dfsg-3
Distribution: unstable
Urgency: medium
Maintainer: Alexander GQ Gerasiov <g...@debian.org>
Changed-By: Alexander GQ Gerasiov <g...@debian.org>
Closes: 975372 976594 976595
Changes:
 minidlna (1.2.1+dfsg-3) unstable; urgency=medium
 .
   * Add 0011-upnphttp-Disallow-negative-HTTP-chunk-lengths.patch
     CVE-2020-28926 (Closes: #976595).
   * Add 0012-upnphttp-Validate-SUBSCRIBE-callback-URL.patch CVE-2020-12695
     (Closes: #976594).
   * d/minidlna.postrm: Do not fail on purge (Closes: #975372).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---