[SECURITY] [DSA 4806-1] minidlna security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 4806-1] minidlna security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Mon, 7 Dec 2020 21:38:44 +0000
Message-id: <[🔎] 20201207213844.GB9294@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4806-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
December 07, 2020                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : minidlna
CVE ID         : CVE-2020-12695 CVE-2020-28926
Debian Bug     : 976594 976595

It was discovered that missing input validation in minidlna, a
lightweight DLNA/UPnP-AV server could result in the execution of
arbitrary code. In addition minidlna was susceptible to the
"CallStranger" UPnP vulnerability.

For the stable distribution (buster), these problems have been fixed in
version 1.2.1+dfsg-2+deb10u1.

We recommend that you upgrade your minidlna packages.

For the detailed security status of minidlna please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/minidlna

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl/OoCMACgkQEMKTtsN8
TjZ5YQ//YGsiR+FuV2o0gO7334yrekgj3oDhkhfkL0TIkaMRSacnZMLcnK/5Pp7D
ft4/MopnhoXucoVfiEXyixQn+LmwXQF5IAv6AGQp0ZK5UqNxMVGtvltjSf46Qamk
mag8ZzaskPYnLtSARRYZ9U5zV8B94CvEnQ/azqhjQLbkvQNwv+Wjg63CiFMG1HKz
Kmnx5bsmucmVSj7uRFaiQ0p1VA+iCJguQX7dsJ6StIkx2yjAalvvTW8hljEG7AL7
Y/i+7FWkFjrLtiLms88OOVevlWIqywCd7t3DVxAlCY2ANpaauUCcF8MG1j+03unu
QLowyXLAPaaEfNBpkEpsLEns3Ez6WjzuVUJIMD+vSYpNneo5q2gkwXhz0s5cABg8
WMfDamIfwufwRR0MCYAfChyk5ftF2MydcYYWnLEWD9MFL81igQFqFFs96k/dcCft
nJNypruzPnvsDOjijNMGU5RWpYBI9ebFL9meC7XtHeLwvM4UUbfOiS1/zZUVuDPI
WHbqDbuO+1CjnWpTFSSo6RSlq/qYMgPqEn6g/GEOaxOCpPimhx/qYbj1sWsEnnNM
bekwhDVuxRt4eL9iGMI3pQJYOsP441bYGFjiYNBLdPOlY0lzhyNsLJW1Jskf9cpF
cimkWMtrj2niUUR0tit8tBn+hokuWdiP3Jelb8DmxynkGRCYsZg=
=P2Sb
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 4805-1] trafficserver security update
Next by Date: [SECURITY] [DSA 4807-1] openssl security update
Previous by thread: [SECURITY] [DSA 4805-1] trafficserver security update
Next by thread: [SECURITY] [DSA 4807-1] openssl security update
Index(es):
- Date
- Thread