Re: CVE-2016-6255

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE-2016-6255

From:	Efraim Flashner
Subject:	Re: CVE-2016-6255
Date:	Thu, 6 Oct 2016 10:22:17 +0300
User-agent:	Mutt/1.7.0 (2016-08-17)

On Thu, Oct 06, 2016 at 02:16:26AM -0400, Leo Famulari wrote:
> Subject: [PATCH 0/1] libupnp remote filesystem access CVE-2016-6255
> 
> You can use libupnp on a remote server to read and write the filesystem
> with the privileges of the libupnp process:
> 
> http://seclists.org/oss-sec/2016/q3/102
> 
> This patch cherry-picks the upstream commit:
> 
> https://github.com/mrjimenez/pupnp/commit/d64d6a44906b5aa5306bdf1708531d698654dda5
> 
> Leo Famulari (1):
>   gnu: libupnp: Fix CVE-2016-6255.
> 
>  gnu/local.mk                                     |  1 +
>  gnu/packages/libupnp.scm                         |  2 +
>  gnu/packages/patches/libupnp-CVE-2016-6255.patch | 86 
> ++++++++++++++++++++++++
>  3 files changed, 89 insertions(+)
>  create mode 100644 gnu/packages/patches/libupnp-CVE-2016-6255.patch
> 
> -- 
> 2.10.1
> 

Looks good to me

-- 
Efraim Flashner   <address@hidden>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[no subject], Leo Famulari, 2016/10/06
- [PATCH 1/1] gnu: libupnp: Fix CVE-2016-6255., Leo Famulari, 2016/10/06
  - Re: [PATCH 1/1] gnu: libupnp: Fix CVE-2016-6255., Ludovic Courtès, 2016/10/06
    - Re: [PATCH 1/1] gnu: libupnp: Fix CVE-2016-6255., Leo Famulari, 2016/10/09
- Re: CVE-2016-6255, Efraim Flashner <=

Prev by Date: Re: [PATCH] gnu: Add CUPS service.
Next by Date: Re: gnu/system/u-boot.scm
Previous by thread: Re: [PATCH 1/1] gnu: libupnp: Fix CVE-2016-6255.
Next by thread: [PATCH] aarch64 support in isl
Index(es):
- Date
- Thread