From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id kPGIHayITmDpTgAA0tVLHw (envelope-from ) for ; Sun, 14 Mar 2021 22:05:32 +0000 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id eE4qGayITmBPFAAAbx9fmQ (envelope-from ) for ; Sun, 14 Mar 2021 22:05:32 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id BD23126AA8 for ; Sun, 14 Mar 2021 23:05:31 +0100 (CET) Received: from localhost ([::1]:47916 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lLYrY-0006MP-V2 for larch@yhetil.org; Sun, 14 Mar 2021 18:05:28 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:55140) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lLYKE-0001yi-VB for bug-guix@gnu.org; Sun, 14 Mar 2021 17:31:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:51008) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lLYKE-00018m-LE for bug-guix@gnu.org; Sun, 14 Mar 2021 17:31:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1lLYKE-0002pf-HJ for bug-guix@gnu.org; Sun, 14 Mar 2021 17:31:02 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#47140: libupnp package vulnerable to CVE-2021-28302 Resent-From: Mark H Weaver Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sun, 14 Mar 2021 21:31:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 47140 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 47140@debbugs.gnu.org X-Debbugs-Original-To: bug-guix@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.161575745710873 (code B ref -1); Sun, 14 Mar 2021 21:31:02 +0000 Received: (at submit) by debbugs.gnu.org; 14 Mar 2021 21:30:57 +0000 Received: from localhost ([127.0.0.1]:34321 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lLYK8-0002pJ-MR for submit@debbugs.gnu.org; Sun, 14 Mar 2021 17:30:56 -0400 Received: from lists.gnu.org ([209.51.188.17]:38872) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lLYK5-0002p8-RK for submit@debbugs.gnu.org; Sun, 14 Mar 2021 17:30:54 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:55114) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lLYK5-0001oq-JL for bug-guix@gnu.org; Sun, 14 Mar 2021 17:30:53 -0400 Received: from world.peace.net ([64.112.178.59]:55680) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lLYK2-0000x8-8k for bug-guix@gnu.org; Sun, 14 Mar 2021 17:30:53 -0400 Received: from mhw by world.peace.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lLYJp-0000gu-L9; Sun, 14 Mar 2021 17:30:37 -0400 From: Mark H Weaver References: <57dace27aa78c5c193ed803fc0bc05d55a7646c6.camel@zaclys.net> Date: Sun, 14 Mar 2021 17:29:06 -0400 Message-ID: <87lfaps9tu.fsf@netris.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Received-SPF: pass client-ip=64.112.178.59; envelope-from=mhw@netris.org; helo=world.peace.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1615759532; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=6BZYLZTKV1vZ8gxBvsPc8tdWJXBlIqhR+C2fmRZGysU=; b=t10DzpjlO5tpSHw1qma11NJk83M2LWy1QMpA6fRvfz4+aoBn28NwWWbn3r2w3XxntP2keV 8wtLCVZ88iMk66Lj58b8y7DoDvzQh+vhqxEk9SgWYpeeShPKsHqe6mYa9BdFmiA8rv7VTm C4tQnjlQ8g6HsfaEeR/oK+VFbBFNt2TstpHFcKBAJh7URFQihSyMGlHOXvMN8u4VNdpmVp jLQ/wBksdpDPf5LwX2fL9unrpqIJqXGIkvUqHgsPw347PCnWHD1UvjXYkAH3tY4BFsrUN1 y4JUEWPtLyT1x6agZ8L8uyE5t3B01HryNv8ixKlK6T4sN99BlxTgsyDfZfRdmw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1615759532; a=rsa-sha256; cv=none; b=szaQ/DK41KYIbIbAUKv9LmeSDbPJ3Z26wA0AOW6iC7svRCeXe18CL8AHyhuwS+dRRVIsMx e4PVcVVVjRQFPJRCo1xx7qss6lHKywH9uaRA0Gzs17x24n9M2A/LETNBO+2SeUOvhRJv7p SS+zBY0JmcKZvRAV4gwNXwQT6aqy12TBadwPe5PgAmIKCOgpNtc58FSPgphQBF+z8x+mmW 9lda6Nt8nYQXmwI8BVyNBmtJNaVy12eB/mCnCg4bCg42+qdSIyRjbUuVpu6L+DTZjzYHxo c5aExQZR1S5T9JBP9SdkhR09xnalEjnYtBRSvUjeIbtObTaVPuPCK5/VyC4oCA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org X-Migadu-Spam-Score: -4.50 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org X-Migadu-Queue-Id: BD23126AA8 X-Spam-Score: -4.50 X-Migadu-Scanner: scn0.migadu.com X-TUID: qoUkODSnWcus --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable I'm forwarding this to bug-guix@gnu.org so that it won't be forgotten. Mark -------------------- Start of forwarded message -------------------- Subject: libupnp package vulnerable to CVE-2021-28302 From: L=C3=A9o Le Bouter To: guix-devel@gnu.org Date: Sat, 13 Mar 2021 02:12:45 +0100 --=-=-= Content-Type: multipart/signed; boundary="==-=-=" --==-=-= Content-Type: text/plain; charset=utf-8 Content-Disposition: inline CVE-2021-28302 12.03.21 16:15 A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash. Upstream did not provide a patch yet, see < https://github.com/pupnp/pupnp/issues/249>. I suggest we wait for the patch to be made and then update, to be monitored. --==-=-= Content-Type: application/pgp-signature; name=signature.asc Content-Transfer-Encoding: base64 Content-Description: This is a digitally signed message part LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KCmlRSXpCQUFCQ2dBZEZpRUVGSXZMaTlnTCt4 YXgzZzZSUmFpeDZHdk5FS1lGQW1CTUVZMEFDZ2tRUmFpeDZHdk4KRUtZVURRLy9jSkNSRGFwTlhC UEd0anc5ZzdLaTgzV3FzcVNJRzk3WVpGMSs4dkYzRUtXYVEweWFVS3dQeUFoRgp5bmdScUlHem85 bmViZGs5SnU4ajhuRlBJQ1hLcTN6d21pSnpxZzQzbWdkRG9GamFWQ2dRTHYvVElQYmgvcG9pCitZ OUpNMFU0KzF0a0wyZVB5bHBHVGZnVFoyYVNOaDdEaVdSMmZzdklacFJvemVYK1hRQlhuWkpRQmJq Z0FDNUEKTmlmMnFGZ29oU1lyTVU3dGlpL080M2FIc0JTQ25qQmRxMXY4WCtPSTloTEFXbGNscncr c0pNVkFiRVZWRGZ0MQpVTSt2azlTSkFTMllHWjhoNnZ4SmtEUTJuNTg1MVAyMnZySWtSejFXVVZM L2VqbHd2QjVrazFQVDRueXg1M1dUCmFLZDdTd3ZYYmZiL252NUthTVN4NGtYbUFvcXVRemkvMW5l aTFVNjA0M1pMSDhyc2ZxdVhQaG8zSlVOWnoyOGgKMTRMajBuQndKMVp4ZUdoRC81L1hxTURXcC9B YnFYS2FJc25hRUtGWmRVWmZGUHdURXBnUmxudFRlVHMzVGl3cwpsOXh1b1YrUWliOHNsVzhaUlM3 Y3ZwRk85SG5tdDhSNk1RZ2s1bzB6RFAzc2RSYzN2OXJOOXdUNkNDSEFVRUhWCnRTWFBvYndSS29F QVpON0lRNENxdlhzQVdhMmVFTEVWNFhzMTgwNDVpQzVqNXoyU0NQNVFjVXJvMjBzaXhjME0KZVpG LzFBOFlvTTd1MVF4aHI5dzNwdHY5aWlDeXdrQldoWUxDQnFDNEJPVVlTREZtRHUvSUVyQTByYWlx TzJlOQpJZnNKV3poUWNGYW5BbjBjL05oekpmYWowdmhhcEN5d2NCZGtzdzg0Wm1ROWRYSzRFNEU9 Cj0zVCtwCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQo= --==-=-=-- --=-=-= Content-Type: text/plain -------------------- End of forwarded message -------------------- --=-=-=--