libupnp package vulnerable to CVE-2021-28302

DoneSubmitted by Mark H Weaver.
Details
4 participants
  • Leo Famulari
  • Léo Le Bouter
  • Ludovic Courtès
  • Mark H Weaver
Owner
unassigned
Severity
normal
M
M
Mark H Weaver wrote on 14 Mar 22:29 +0100
(address . bug-guix@gnu.org)(name . Léo Le Bouter)(address . lle-bout@zaclys.net)
87lfaps9tu.fsf@netris.org
I'm forwarding this to bug-guix@gnu.org so that it won't be forgotten.
Mark
-------------------- Start of forwarded message --------------------Subject: libupnp package vulnerable to CVE-2021-28302From: Léo Le Bouter <lle-bout@zaclys.net>To: guix-devel@gnu.orgDate: Sat, 13 Mar 2021 02:12:45 +0100
CVE-2021-28302 12.03.21 16:15A stack overflow in pupnp 1.16.1 can cause the denial of servicethrough the Parser_parseDocument() function. ixmlNode_free() willrelease a child node recursively, which will consume stack space andlead to a crash.
Upstream did not provide a patch yet, see <https://github.com/pupnp/pupnp/issues/249.
I suggest we wait for the patch to be made and then update, to bemonitored.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBMEY0ACgkQRaix6GvNEKYUDQ//cJCRDapNXBPGtjw9g7Ki83WqsqSIG97YZF1+8vF3EKWaQ0yaUKwPyAhFyngRqIGzo9nebdk9Ju8j8nFPICXKq3zwmiJzqg43mgdDoFjaVCgQLv/TIPbh/poi+Y9JM0U4+1tkL2ePylpGTfgTZ2aSNh7DiWR2fsvIZpRozeX+XQBXnZJQBbjgAC5ANif2qFgohSYrMU7tii/O43aHsBSCnjBdq1v8X+OI9hLAWlclrw+sJMVAbEVVDft1UM+vk9SJAS2YGZ8h6vxJkDQ2n5851P22vrIkRz1WUVL/ejlwvB5kk1PT4nyx53WTaKd7SwvXbfb/nv5KaMSx4kXmAoquQzi/1nei1U6043ZLH8rsfquXPho3JUNZz28h14Lj0nBwJ1ZxeGhD/5/XqMDWp/AbqXKaIsnaEKFZdUZfFPwTEpgRlntTeTs3Tiwsl9xuoV+Qib8slW8ZRS7cvpFO9Hnmt8R6MQgk5o0zDP3sdRc3v9rN9wT6CCHAUEHVtSXPobwRKoEAZN7IQ4CqvXsAWa2eELEV4Xs18045iC5j5z2SCP5QcUro20sixc0MeZF/1A8YoM7u1Qxhr9w3ptv9iiCywkBWhYLCBqC4BOUYSDFmDu/IErA0raiqO2e9IfsJWzhQcFanAn0c/NhzJfaj0vhapCywcBdksw84ZmQ9dXK4E4E==3T+p-----END PGP SIGNATURE-----
-------------------- End of forwarded message --------------------
L
L
Ludovic Courtès wrote on 15 Mar 14:43 +0100
control message for bug #47140
(address . control@debbugs.gnu.org)
87lfaoh6rv.fsf@gnu.org
tags 47140 + securityquit
L
L
Leo Famulari wrote on 24 Mar 05:06 +0100
(no subject)
(address . control@debbugs.gnu.org)
YFq6wUqi070//Gk+@jasmine.lan
block 47297 with 47140block 47297 with 47141block 47297 with 47142block 47297 with 47143block 47297 with 47144
L
L
Léo Le Bouter wrote on 5 Apr 22:50 +0200
libupnp package vulnerable to CVE-2021-28302
(address . 47140@debbugs.gnu.org)
ede99764b2ae52b0c5ae719a70b40fe8ac6aa6ca.camel@zaclys.net
Upstream created and merged a probable patch: https://github.com/pupnp/pupnp/pull/306
Reporter still needs to confirm if it fixes the issue.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBreDAACgkQRaix6GvNEKbPTA/+MBbgjAjTCTeZ54pKRRUQdP8Pcb2IVreT0GmIpsiTGJeH8+4uFegkj/jJAA5vCyPuzEw+3P+4O9QKFbVvJq0znioA5fDHp9OvKdvTukRAu4rdaV/8EnRQnnVHo/E23QgoUXbnCftpKzzI2NAgQWgJokfOeoaQho/b/kPlf3s9Mizr0GgX5kkXjHVCycw4IvMlabZor4ECujDHRhToNogkp2dO6929wf5/efl0pC8a1Bv5fbUDWvsSLyVXsPrOTsEGo/D0yK6rucVG4D59B/YgGsljloB35upSatM0hmOFX6ynfHlj91kyf5qFks+9VeCIpm2fPyth+wTN7hu87MyNwMi6ZjjTmZ7G9NI+EyOQ3F+kPZREHZNFHhC75sVG8L0LFleCqrJWQgMXMZU6bF+guYrV01CGBczzvHwz4bxgT+zA2k/wW6/QTYlGIjvnWwOe+pYuBVX1/cx77iguvU4FNRG+tXC8rqhYsLjF5fpuDbDUQv9DCfDoYmkKSStYWyAH/8eLlKZprMbJUsa494MedFWyqdRCuiIxMykUVBz30rfHlcZXp1aXDz0k9gUg+3GZQbcc4FKQG2znw5z4o4AHnqsfeffljph6Oqx9Y9/0iV1H080J5uE90xhlfDlsu/rG3Aw0NzIlka8eBIKr9fSdkEKwti3FDu6/Hd+ihStWL/0==jvyO-----END PGP SIGNATURE-----

L
L
Léo Le Bouter wrote on 9 Apr 03:16 +0200
(address . 47140-done@debbugs.gnu.org)
5d2864e3ee90af06e3abc6e7899fa80de0b72ded.camel@zaclys.net
Fixed by 2b605ef3b145ec136530f08ee7aa27382aa64b46
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBvqtsACgkQRaix6GvNEKa1Cw//d68L/ApbojqQHLvSDo5FrQPnkmFY9LnWB07qx1j68sJwUW9OYYtDcA4wh1wFdm0/8u/Lj4gifo+aW0Cxm27BzCpf+QRRp2XSRkKQh8nWR8l/LUzVN65obSA6iJlaV7o5w9f12GI44UxyT8pYTq5qJdaSowmsdwpPvQ/9iKj0Kx2PqT20Nr6XRdsPsy/Y3y/c31SArwA8B9UDbMi3Ye/vgOSMv32aZOsRixAImkxPqzYq/PaKq463Jg5VErNjDM0fsQUFb8QzHQr9B9LXpUzWaHAC31/fFcaKidThPD8s8SUUY8FtZ5Jc6eTWsDxXLZTcrMAno0Lh91K+H9bIZ39VZyZWJ88gzvo4JaydbCuaq9xms1CkwRcY0QSbJq2Lcj95cdqXeiUfEYFDBGcCHV/wVwfTAxHkblqbjbDS1IHKZYR4B/5PYYh6prTnsrBzPs1fn+xqDj2EzCs2JIMe82aZRQgUitCq64oMH9UPcLM7wS9bJ1JFUMyMU5ilFP0evjwoQo4jJ0Tbj3fYmUn7C/VCm0Xv9xumlcgbxNL7fJZNsAmZdSaFA40HfhqapDBRz0vpFqTurGv/AbBrRM0asHzp2mRPhh1Z2GIZ9jL5EtgDTfp0EAMDZsgbeUN1dp6mURYr43y6gD4JbokNBbfYEoaacREZeXKqCoKXHScx3U3EYI4==epMm-----END PGP SIGNATURE-----

Closed
?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send email to 47140@debbugs.gnu.org