• [SECURITY] [DSA 4806-1] minidlna security update

    From Moritz Muehlenhoff@21:1/5 to All on Mon Dec 7 22:50:01 2020
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4806-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff December 07, 2020 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : minidlna
    CVE ID : CVE-2020-12695 CVE-2020-28926
    Debian Bug : 976594 976595

    It was discovered that missing input validation in minidlna, a
    lightweight DLNA/UPnP-AV server could result in the execution of
    arbitrary code. In addition minidlna was susceptible to the
    "CallStranger" UPnP vulnerability.

    For the stable distribution (buster), these problems have been fixed in
    version 1.2.1+dfsg-2+deb10u1.

    We recommend that you upgrade your minidlna packages.

    For the detailed security status of minidlna please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/minidlna

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl/OoCMACgkQEMKTtsN8 TjZ5YQ//YGsiR+FuV2o0gO7334yrekgj3oDhkhfkL0TIkaMRSacnZMLcnK/5Pp7D ft4/MopnhoXucoVfiEXyixQn+LmwXQF5IAv6AGQp0ZK5UqNxMVGtvltjSf46Qamk mag8ZzaskPYnLtSARRYZ9U5zV8B94CvEnQ/azqhjQLbkvQNwv+Wjg63CiFMG1HKz Kmnx5bsmucmVSj7uRFaiQ0p1VA+iCJguQX7dsJ6StIkx2yjAalvvTW8hljEG7AL7 Y/i+7FWkFjrLtiLms88OOVevlWIqywCd7t3DVxAlCY2ANpaauUCcF8MG1j+03unu QLowyXLAPaaEfNBpkEpsLEns3Ez6WjzuVUJIMD+vSYpNneo5q2gkwXhz0s5cABg8 WMfDamIfwufwRR0MCYAfChyk5ftF2MydcYYWnLEWD9MFL81igQFqFFs96k/dcCft nJNypruzPnvsDOjijNMGU5RWpYBI9ebFL9meC7XtHeLwvM4UUbfOiS1/zZUVuDPI WHbqDbuO+1CjnWpTFSSo6RSlq/qYMgPqEn6g/GEOaxOCpPimhx/qYbj1sWsEnnNM bekwhDVuxRt4eL9iGMI3pQJYOsP441bYGFjiYNBLdPOlY0lzhyNsLJW1Jskf9cpF cimkWMtrj2niUUR0tit8tBn+hokuWdiP3Jelb8DmxynkGRCYsZg=
    =P2Sb
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)