[SECURITY] [DLA 2238-1] libupnp security update

[Abhijith PA <abhijith@disroot.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libupnp
Version        : 1.6.19+git20141001-1+deb8u2
CVE ID         : CVE-2020-13848
Debian Bug     : 962282


libupnp, the portable SDK for UPnP Devices allows remote attackers to
cause a denial of service (crash) via a crafted SSDP message due to a
NULL pointer dereference in the functions FindServiceControlURLPath
and FindServiceEventURLPath in genlib/service_table/service_table.c.
This crash can be triggered by sending a malformed SUBSCRIBE or
UNSUBSCRIBE using any of the attached files.

For Debian 8 "Jessie", this problem has been fixed in version
1.6.19+git20141001-1+deb8u2.

We recommend that you upgrade your libupnp packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAl7d78UACgkQhj1N8u2c
KO9Uqg//ep4riyzeth3AoPZTqe1kVbCP6crL3YeWxNH5rSRcqI9Z2S2VZMwObsM3
NYeYTn5gR4R+h4PFY6UjcZnkNbIby43eG2C5AWvAhncdajG2B6y+h6QLeoMHVkq2
JkIalLNRRGHiu4nSxPv9ISkaEbxAQ+Cl+JFj/koBx/wpbl8ubwil5A1HfRLteC9K
IuE6B5J+iYMQaQYlsXgnF+2jJ35UHy/OykDv047N4HXo/NaEgOTq/dr+EdKXTuHc
FTuvvRcOWYhv91YahWrHEl/lYsFBXyMCoEtxZVE5BMQvMe5x8AuLCdBughsKa1f5
bxywXvUBQiG+1tBuavsFFnhsz4PjdxKa3WjtzK+Tm+dB4pjbI+aVxrHynUcKQz8W
NA4Cu9QP06Cyn27JwMuIfjuzISzIZRYVHcYP0gBjt0oyfwQh6dqUOVpY5H2/0bbB
iXD+f4JLN0a5bES5erPG1FqiqdrCTcOgCPtiSy+siCo66inp8SukOG3cnhWchuF5
JgaTQ4nRytn/XljZbhVrELEwB2QIzIbgCXVCWrix/AUJ1UKTj1rxX5HTzqzlld3Y
EwyrqDHpz5vOxQmediIq3xe+wBcRbaxFsCwRGIQJQS23ogzxF+Z4qSg+1KdPRzLe
dPLJRTfpbuJzHQIv1RdgF9GvlkXPOqqQ+C1/RFuAu+Rp7ECXzVE=
=HQLu
-----END PGP SIGNATURE-----