GNU bug report logs - #47140
libupnp package vulnerable to CVE-2021-28302

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix; Reported by: Mark H Weaver <mhw@HIDDEN>; Keywords: security; dated Sun, 14 Mar 2021 21:31:02 UTC; Maintainer for guix is bug-guix@HIDDEN.

Message received at 47140 <at> debbugs.gnu.org:


Received: (at 47140) by debbugs.gnu.org; 5 Apr 2021 20:51:20 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Apr 05 16:51:20 2021
Received: from localhost ([127.0.0.1]:38730 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1lTWBs-0004y7-Bg
	for submit <at> debbugs.gnu.org; Mon, 05 Apr 2021 16:51:20 -0400
Received: from mail.zaclys.net ([178.33.93.72]:43249)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <lle-bout@HIDDEN>) id 1lTWBq-0004xr-Kz
 for 47140 <at> debbugs.gnu.org; Mon, 05 Apr 2021 16:51:19 -0400
Received: from [192.168.1.115] (lsl43-1_migr-78-195-19-20.fbx.proxad.net
 [78.195.19.20] (may be forged)) (authenticated bits=0)
 by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 135KpB0U057058
 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
 for <47140 <at> debbugs.gnu.org>; Mon, 5 Apr 2021 22:51:12 +0200
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 135KpB0U057058
Authentication-Results: mail.zaclys.net;
 dmarc=fail (p=reject dis=none) header.from=zaclys.net
Authentication-Results: mail.zaclys.net;
 spf=fail smtp.mailfrom=lle-bout@HIDDEN
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net;
 s=default; t=1617655872;
 bh=cnMXBgYbWOadBuZgboS8ogPhgKoSZdygYcKJrdDoPnw=;
 h=Subject:From:To:Date:From;
 b=dhsyN6ByR5vpcCyACtg33fo+nQT84ut1gtE+3JXGLgBV/wGEOAC0sc6EbXl5Gpo3A
 3Z9xS+LdWXaNJkj3FvU4wJu6xLttLNn3Jon2hiVBH7gpuytUJJPILXyhsLv4WfKLzu
 d2ja+zz30QgvxIMPVieUa6o7C6OF+VI27kVXn564=
Message-ID: <ede99764b2ae52b0c5ae719a70b40fe8ac6aa6ca.camel@HIDDEN>
Subject: libupnp package vulnerable to CVE-2021-28302
From: =?ISO-8859-1?Q?L=E9o?= Le Bouter <lle-bout@HIDDEN>
To: 47140 <at> debbugs.gnu.org
Date: Mon, 05 Apr 2021 22:50:56 +0200
Content-Type: multipart/signed; micalg="pgp-sha512";
 protocol="application/pgp-signature"; boundary="=-Ro2zO5DIVwG1xSUK4+BF"
User-Agent: Evolution 3.34.2 
MIME-Version: 1.0
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 47140
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)


--=-Ro2zO5DIVwG1xSUK4+BF
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Upstream created and merged a probable patch:=20
https://github.com/pupnp/pupnp/pull/306

Reporter still needs to confirm if it fixes the issue.

--=-Ro2zO5DIVwG1xSUK4+BF
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBreDAACgkQRaix6GvN
EKbPTA/+MBbgjAjTCTeZ54pKRRUQdP8Pcb2IVreT0GmIpsiTGJeH8+4uFegkj/jJ
AA5vCyPuzEw+3P+4O9QKFbVvJq0znioA5fDHp9OvKdvTukRAu4rdaV/8EnRQnnVH
o/E23QgoUXbnCftpKzzI2NAgQWgJokfOeoaQho/b/kPlf3s9Mizr0GgX5kkXjHVC
ycw4IvMlabZor4ECujDHRhToNogkp2dO6929wf5/efl0pC8a1Bv5fbUDWvsSLyVX
sPrOTsEGo/D0yK6rucVG4D59B/YgGsljloB35upSatM0hmOFX6ynfHlj91kyf5qF
ks+9VeCIpm2fPyth+wTN7hu87MyNwMi6ZjjTmZ7G9NI+EyOQ3F+kPZREHZNFHhC7
5sVG8L0LFleCqrJWQgMXMZU6bF+guYrV01CGBczzvHwz4bxgT+zA2k/wW6/QTYlG
IjvnWwOe+pYuBVX1/cx77iguvU4FNRG+tXC8rqhYsLjF5fpuDbDUQv9DCfDoYmkK
SStYWyAH/8eLlKZprMbJUsa494MedFWyqdRCuiIxMykUVBz30rfHlcZXp1aXDz0k
9gUg+3GZQbcc4FKQG2znw5z4o4AHnqsfeffljph6Oqx9Y9/0iV1H080J5uE90xhl
fDlsu/rG3Aw0NzIlka8eBIKr9fSdkEKwti3FDu6/Hd+ihStWL/0=
=jvyO
-----END PGP SIGNATURE-----

--=-Ro2zO5DIVwG1xSUK4+BF--





Information forwarded to bug-guix@HIDDEN:
bug#47140; Package guix. Full text available.
Added indication that bug 47140 blocks47297 Request was from Leo Famulari <leo@HIDDEN> to control <at> debbugs.gnu.org. Full text available.
Added tag(s) security. Request was from Ludovic Courtès <ludo@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 14 Mar 2021 21:30:57 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Mar 14 17:30:56 2021
Received: from localhost ([127.0.0.1]:34321 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1lLYK8-0002pJ-MR
	for submit <at> debbugs.gnu.org; Sun, 14 Mar 2021 17:30:56 -0400
Received: from lists.gnu.org ([209.51.188.17]:38872)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mhw@HIDDEN>) id 1lLYK5-0002p8-RK
 for submit <at> debbugs.gnu.org; Sun, 14 Mar 2021 17:30:54 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:55114)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mhw@HIDDEN>) id 1lLYK5-0001oq-JL
 for bug-guix@HIDDEN; Sun, 14 Mar 2021 17:30:53 -0400
Received: from world.peace.net ([64.112.178.59]:55680)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mhw@HIDDEN>) id 1lLYK2-0000x8-8k
 for bug-guix@HIDDEN; Sun, 14 Mar 2021 17:30:53 -0400
Received: from mhw by world.peace.net with esmtpsa
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <mhw@HIDDEN>)
 id 1lLYJp-0000gu-L9; Sun, 14 Mar 2021 17:30:37 -0400
From: Mark H Weaver <mhw@HIDDEN>
To: bug-guix@HIDDEN
Subject: libupnp package vulnerable to CVE-2021-28302
References: <57dace27aa78c5c193ed803fc0bc05d55a7646c6.camel@HIDDEN>
Date: Sun, 14 Mar 2021 17:29:06 -0400
Message-ID: <87lfaps9tu.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
Received-SPF: pass client-ip=64.112.178.59; envelope-from=mhw@HIDDEN;
 helo=world.peace.net
X-Spam_score_int: -18
X-Spam_score: -1.9
X-Spam_bar: -
X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-Debbugs-Envelope-To: submit
Cc: =?utf-8?Q?L=C3=A9o?= Le Bouter <lle-bout@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

I'm forwarding this to bug-guix@HIDDEN so that it won't be forgotten.

       Mark

-------------------- Start of forwarded message --------------------
Subject: libupnp package vulnerable to CVE-2021-28302
From: L=C3=A9o Le Bouter <lle-bout@HIDDEN>
To: guix-devel@HIDDEN
Date: Sat, 13 Mar 2021 02:12:45 +0100


--=-=-=
Content-Type: multipart/signed; boundary="==-=-="

--==-=-=
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline

CVE-2021-28302	12.03.21 16:15
A stack overflow in pupnp 1.16.1 can cause the denial of service
through the Parser_parseDocument() function. ixmlNode_free() will
release a child node recursively, which will consume stack space and
lead to a crash.

Upstream did not provide a patch yet, see <
https://github.com/pupnp/pupnp/issues/249>.

I suggest we wait for the patch to be made and then update, to be
monitored.

--==-=-=
Content-Type: application/pgp-signature; name=signature.asc
Content-Transfer-Encoding: base64
Content-Description: This is a digitally signed message part

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KCmlRSXpCQUFCQ2dBZEZpRUVGSXZMaTlnTCt4
YXgzZzZSUmFpeDZHdk5FS1lGQW1CTUVZMEFDZ2tRUmFpeDZHdk4KRUtZVURRLy9jSkNSRGFwTlhC
UEd0anc5ZzdLaTgzV3FzcVNJRzk3WVpGMSs4dkYzRUtXYVEweWFVS3dQeUFoRgp5bmdScUlHem85
bmViZGs5SnU4ajhuRlBJQ1hLcTN6d21pSnpxZzQzbWdkRG9GamFWQ2dRTHYvVElQYmgvcG9pCitZ
OUpNMFU0KzF0a0wyZVB5bHBHVGZnVFoyYVNOaDdEaVdSMmZzdklacFJvemVYK1hRQlhuWkpRQmJq
Z0FDNUEKTmlmMnFGZ29oU1lyTVU3dGlpL080M2FIc0JTQ25qQmRxMXY4WCtPSTloTEFXbGNscncr
c0pNVkFiRVZWRGZ0MQpVTSt2azlTSkFTMllHWjhoNnZ4SmtEUTJuNTg1MVAyMnZySWtSejFXVVZM
L2VqbHd2QjVrazFQVDRueXg1M1dUCmFLZDdTd3ZYYmZiL252NUthTVN4NGtYbUFvcXVRemkvMW5l
aTFVNjA0M1pMSDhyc2ZxdVhQaG8zSlVOWnoyOGgKMTRMajBuQndKMVp4ZUdoRC81L1hxTURXcC9B
YnFYS2FJc25hRUtGWmRVWmZGUHdURXBnUmxudFRlVHMzVGl3cwpsOXh1b1YrUWliOHNsVzhaUlM3
Y3ZwRk85SG5tdDhSNk1RZ2s1bzB6RFAzc2RSYzN2OXJOOXdUNkNDSEFVRUhWCnRTWFBvYndSS29F
QVpON0lRNENxdlhzQVdhMmVFTEVWNFhzMTgwNDVpQzVqNXoyU0NQNVFjVXJvMjBzaXhjME0KZVpG
LzFBOFlvTTd1MVF4aHI5dzNwdHY5aWlDeXdrQldoWUxDQnFDNEJPVVlTREZtRHUvSUVyQTByYWlx
TzJlOQpJZnNKV3poUWNGYW5BbjBjL05oekpmYWowdmhhcEN5d2NCZGtzdzg0Wm1ROWRYSzRFNEU9
Cj0zVCtwCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQo=
--==-=-=--

--=-=-=
Content-Type: text/plain

-------------------- End of forwarded message --------------------

--=-=-=--




Acknowledgement sent to Mark H Weaver <mhw@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN. Full text available.
Report forwarded to bug-guix@HIDDEN:
bug#47140; Package guix. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Mon, 5 Apr 2021 21:00:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.