CVE-2009-2174
Published: 23 June 2009
GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an empty (1) subscription or (2) control message.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
gupnp Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Ignored
(end of life)
|
|
| intrepid |
Ignored
(end of life, was needs-triage)
|
|
| jaunty |
Ignored
(end of life)
|
|
| karmic |
Not vulnerable
(0.12.6-3.1)
|
|
| lucid |
Not vulnerable
(0.13.1-1)
|
|
| maverick |
Not vulnerable
(0.13.1-1)
|
|
| natty |
Not vulnerable
(0.13.1-1)
|
|
| oneiric |
Not vulnerable
(0.13.1-1)
|
|
| upstream |
Released
(0.12.6-3.1)
|
|
|
Patches: vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;filename=gupnp-0.12.6-3_0.12.6-3.1.patch;att=1;bug=534594 upstream: http://git.gupnp.org/cgit.cgi?url=gupnp/commit/&id=4d678a82188e88ce7a2546d9d2b9128de1460985 upstream: http://git.gupnp.org/cgit.cgi?url=gupnp/commit/&id=526bc6dd4ff940629fa91030e8be7e82d145d53d upstream: http://git.gupnp.org/cgit.cgi?url=gupnp/commit/&id=aa3f4a4e62a571da80d1b082c0eb42ae1a616d8a |
||