projects / feed / packages.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 67af341) | patch
minidlna: update to 1.3.3
authorRobert Högberg <robert.hogberg@gmail.com>
Sun, 11 Jun 2023 21:55:23 +0000 (23:55 +0200)
committerRosen Penev <rosenp@gmail.com>
Fri, 30 Jun 2023 01:05:10 +0000 (18:05 -0700)
commit77b4067754569c0094ad41e60137117ff9a71bf8
tree04c8f2c79d1ae246019c7a313f1425e7af50e815tree | snapshot
parent67af34188da75c737556fd439ab1a1a8c7d954a7commit | diff
minidlna: update to 1.3.3

Fixes CVE-2023-33476:
  ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable
  to Buffer Overflow. The vulnerability is caused by incorrect
  validation logic when handling HTTP requests using chunked transport
  encoding. This results in other code later using attacker-controlled
  chunk values that exceed the length of the allocated buffer,
  resulting in out-of-bounds read/write.

Signed-off-by: Robert Högberg <robert.hogberg@gmail.com>
multimedia/minidlna/Makefile diff | blob | history
multimedia/minidlna/patches/030-mark_all_instances_of_magic_container_s_as_const.patch diff | blob | history
Mirror of packages feed