From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: (unknown) Date: Thu, 6 Oct 2016 02:16:26 -0400 Message-ID: Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:50310) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bs1zN-0002G7-Hg for guix-devel@gnu.org; Thu, 06 Oct 2016 02:17:06 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bs1zI-0006LM-03 for guix-devel@gnu.org; Thu, 06 Oct 2016 02:17:04 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:59231) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bs1zG-0006Ha-Pp for guix-devel@gnu.org; Thu, 06 Oct 2016 02:16:59 -0400 Received: from localhost.localdomain (c-73-188-17-148.hsd1.pa.comcast.net [73.188.17.148]) by mail.messagingengine.com (Postfix) with ESMTPA id 380C5F29D2 for ; Thu, 6 Oct 2016 02:16:49 -0400 (EDT) Subject: List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org Subject: [PATCH 0/1] libupnp remote filesystem access CVE-2016-6255 You can use libupnp on a remote server to read and write the filesystem with the privileges of the libupnp process: http://seclists.org/oss-sec/2016/q3/102 This patch cherry-picks the upstream commit: https://github.com/mrjimenez/pupnp/commit/d64d6a44906b5aa5306bdf1708531d698654dda5 Leo Famulari (1): gnu: libupnp: Fix CVE-2016-6255. gnu/local.mk | 1 + gnu/packages/libupnp.scm | 2 + gnu/packages/patches/libupnp-CVE-2016-6255.patch | 86 ++++++++++++++++++++++++ 3 files changed, 89 insertions(+) create mode 100644 gnu/packages/patches/libupnp-CVE-2016-6255.patch -- 2.10.1