On Thu, Oct 06, 2016 at 02:16:26AM -0400, Leo Famulari wrote:
> Subject: [PATCH 0/1] libupnp remote filesystem access CVE-2016-6255
> 
> You can use libupnp on a remote server to read and write the filesystem
> with the privileges of the libupnp process:
> 
> http://seclists.org/oss-sec/2016/q3/102
> 
> This patch cherry-picks the upstream commit:
> 
> https://github.com/mrjimenez/pupnp/commit/d64d6a44906b5aa5306bdf1708531d698654dda5
> 
> Leo Famulari (1):
>   gnu: libupnp: Fix CVE-2016-6255.
> 
>  gnu/local.mk                                     |  1 +
>  gnu/packages/libupnp.scm                         |  2 +
>  gnu/packages/patches/libupnp-CVE-2016-6255.patch | 86 ++++++++++++++++++++++++
>  3 files changed, 89 insertions(+)
>  create mode 100644 gnu/packages/patches/libupnp-CVE-2016-6255.patch
> 
> -- 
> 2.10.1
> 

Looks good to me

-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted