unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* (unknown), 
@ 2016-10-06  6:16 Leo Famulari
  2016-10-06  6:16 ` [PATCH 1/1] gnu: libupnp: Fix CVE-2016-6255 Leo Famulari
  2016-10-06  7:22 ` CVE-2016-6255 Efraim Flashner
  0 siblings, 2 replies; 5+ messages in thread
From: Leo Famulari @ 2016-10-06  6:16 UTC (permalink / raw)
  To: guix-devel

Subject: [PATCH 0/1] libupnp remote filesystem access CVE-2016-6255

You can use libupnp on a remote server to read and write the filesystem
with the privileges of the libupnp process:

http://seclists.org/oss-sec/2016/q3/102

This patch cherry-picks the upstream commit:

https://github.com/mrjimenez/pupnp/commit/d64d6a44906b5aa5306bdf1708531d698654dda5

Leo Famulari (1):
  gnu: libupnp: Fix CVE-2016-6255.

 gnu/local.mk                                     |  1 +
 gnu/packages/libupnp.scm                         |  2 +
 gnu/packages/patches/libupnp-CVE-2016-6255.patch | 86 ++++++++++++++++++++++++
 3 files changed, 89 insertions(+)
 create mode 100644 gnu/packages/patches/libupnp-CVE-2016-6255.patch

-- 
2.10.1

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2016-10-09 19:59 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-10-06  6:16 (unknown), Leo Famulari
2016-10-06  6:16 ` [PATCH 1/1] gnu: libupnp: Fix CVE-2016-6255 Leo Famulari
2016-10-06 19:28   ` Ludovic Courtès
2016-10-09 19:58     ` Leo Famulari
2016-10-06  7:22 ` CVE-2016-6255 Efraim Flashner

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).