94a3b3f062
Fix CVE-2021-33516: An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc. Replace patch by upstream commit as current patch doesn't apply cleanly https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536 https://gitlab.gnome.org/GNOME/gupnp/-/blob/gupnp-1.2.6/NEWS Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> |
||
|---|---|---|
| .. | ||
| 0001-doc-Check-for-stylesheet-existence-on-doc-build.patch | ||
| Config.in | ||
| gupnp.hash | ||
| gupnp.mk | ||