libupnp package vulnerable to CVE-2021-28302

Mark H Weaver wrote on 14 Mar 2021 22:29

Recipients:(address . bug-guix@gnu.org)(name . Léo Le Bouter)(address . lle-bout@zaclys.net)

Message-ID:87lfaps9tu.fsf@netris.org

I'm forwarding this to bug-guix@gnu.org so that it won't be forgotten.

Mark

-------------------- Start of forwarded message --------------------

To: guix-devel@gnu.org

CVE-2021-28302	12.03.21 16:15
A stack overflow in pupnp 1.16.1 can cause the denial of service
through the Parser_parseDocument() function. ixmlNode_free() will
release a child node recursively, which will consume stack space and
lead to a crash.

Upstream did not provide a patch yet, see <
https://github.com/pupnp/pupnp/issues/249.

I suggest we wait for the patch to be made and then update, to be
monitored.

-------------------- End of forwarded message --------------------

Ludovic Courtès wrote on 15 Mar 2021 14:43

control message for bug #47140

Recipients:(address . control@debbugs.gnu.org)

Message-ID:87lfaoh6rv.fsf@gnu.org

tags 47140 + security

quit

Leo Famulari wrote on 24 Mar 2021 05:06

(no subject)

Recipients:(address . control@debbugs.gnu.org)

Message-ID:YFq6wUqi070//Gk+@jasmine.lan

block 47297 with 47140
block 47297 with 47141
block 47297 with 47142
block 47297 with 47143
block 47297 with 47144

Léo Le Bouter wrote on 5 Apr 2021 22:50

libupnp package vulnerable to CVE-2021-28302

Recipients:(address . 47140@debbugs.gnu.org)

Message-ID:ede99764b2ae52b0c5ae719a70b40fe8ac6aa6ca.camel@zaclys.net

Upstream created and merged a probable patch:

https://github.com/pupnp/pupnp/pull/306

Reporter still needs to confirm if it fixes the issue.

Léo Le Bouter wrote on 9 Apr 2021 03:16

Recipients:(address . 47140-done@debbugs.gnu.org)

Message-ID:5d2864e3ee90af06e3abc6e7899fa80de0b72ded.camel@zaclys.net

Fixed by 2b605ef3b145ec136530f08ee7aa27382aa64b46

Closed

Your comment

This issue is archived.

To comment on this conversation send email to 47140@debbugs.gnu.org

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date