[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVE-2016-6255
From: |
Efraim Flashner |
Subject: |
Re: CVE-2016-6255 |
Date: |
Thu, 6 Oct 2016 10:22:17 +0300 |
User-agent: |
Mutt/1.7.0 (2016-08-17) |
On Thu, Oct 06, 2016 at 02:16:26AM -0400, Leo Famulari wrote:
> Subject: [PATCH 0/1] libupnp remote filesystem access CVE-2016-6255
>
> You can use libupnp on a remote server to read and write the filesystem
> with the privileges of the libupnp process:
>
> http://seclists.org/oss-sec/2016/q3/102
>
> This patch cherry-picks the upstream commit:
>
> https://github.com/mrjimenez/pupnp/commit/d64d6a44906b5aa5306bdf1708531d698654dda5
>
> Leo Famulari (1):
> gnu: libupnp: Fix CVE-2016-6255.
>
> gnu/local.mk | 1 +
> gnu/packages/libupnp.scm | 2 +
> gnu/packages/patches/libupnp-CVE-2016-6255.patch | 86
> ++++++++++++++++++++++++
> 3 files changed, 89 insertions(+)
> create mode 100644 gnu/packages/patches/libupnp-CVE-2016-6255.patch
>
> --
> 2.10.1
>
Looks good to me
--
Efraim Flashner <address@hidden> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
signature.asc
Description: PGP signature