minissdpd (1.2.20130907-4.1+deb9u1) stretch; urgency=medium * CVE-2019-12106: Prevent a use-after-free vulnerability that would allow a remote attacker to crash the process. (Closes: #929297) -- Chris Lamb Mon, 27 May 2019 10:14:26 +0100 minissdpd (1.2.20130907-4.1) unstable; urgency=medium * Non-maintainer upload. * Also add Wants=network-online.target in the .service file, network-online.target is not part of the default dependency chain, this should really (Closes: #861231) -- Laurent Bigonville Mon, 08 May 2017 16:12:09 +0200 minissdpd (1.2.20130907-4) unstable; urgency=medium * Add After=network-online.target in the .service file (Closes: #861231). * Add lsb-base as depends. -- Thomas Goirand Wed, 26 Apr 2017 17:07:25 +0200 minissdpd (1.2.20130907-3.2) unstable; urgency=high * Non-maintainer upload. * Fix CVE-2016-3178 and CVE-2016-3179. (Closes: #816759) The minissdpd daemon contains a improper validation of array index vulnerability (CWE-129) when processing requests sent to the Unix socket at /var/run/minissdpd.sock the Unix socket can be accessed by an unprivileged user to send invalid request causes an out-of-bounds memory access that crashes the minissdpd daemon. -- James Cowgill Mon, 24 Oct 2016 08:54:59 +0100 minissdpd (1.2.20130907-3.1) unstable; urgency=medium * Non-maintainer upload. * Add systemd service file (Closes: #716803). -- Michael Biebl Wed, 13 Jul 2016 20:12:37 +0200 minissdpd (1.2.20130907-3) unstable; urgency=medium * Removed $all from init.d script. * Removed build-depends on hardening-wrapper. -- Thomas Goirand Mon, 14 Jul 2014 14:48:55 +0800 minissdpd (1.2.20130907-2) unstable; urgency=medium * Build-Depends: on freebsd-glue, and link with it, if we're building for kfreebsd. This is needed for the link_ntoa() call in upnputils.c, as otherwise minissdpd FTBFS on kfreebsd. -- Thomas Goirand Mon, 09 Jun 2014 14:34:14 +0800 minissdpd (1.2.20130907-1) unstable; urgency=medium * New upstream release (Closes: #719612). * Fixed typo in package description (Closes: #653027). * Removed 0001-always-disable-link_ntoa.diff, let's see if that still works in FreeBSD. * Switched to compat level 9 and bumped standards-version. * VCS URLs now canonical. * Using DPKG_EXPORT_BUILDFLAGS and hardening=+all. * Removed the [ $VERBOSE ] cruft from init script. -- Thomas Goirand Wed, 28 May 2014 06:47:51 +0000 minissdpd (1.1.20120121-1) unstable; urgency=low * New upstream version. * Fixed the init script to handle when start-stop-daemon returns 1, and handling of the VERBOSE variable. * Switching from dpatch to quilt, and from source format 1.0 to 3.0. -- Thomas Goirand Fri, 17 Feb 2012 19:23:48 +0800 minissdpd (1.1.20111007-4) unstable; urgency=low * Fixed English grammar mistakes, thanks to Martin Eberhard Schauer (Closes: #653027). * Added a debian/gbp.conf * Added support for "status" action to init.d script, thanks to patch from Peter Eisentraut (Closes: #652916). -- Thomas Goirand Fri, 23 Dec 2011 19:53:11 +0800 minissdpd (1.1.20111007-3) unstable; urgency=low * Exits if binary isn't found (Closes: #646746). -- Thomas Goirand Thu, 27 Oct 2011 19:28:20 +0800 minissdpd (1.1.20111007-2) unstable; urgency=low * Calling dpatch directly in debian/rules because the patch wasn't applied at all, so this bug was still remaining, thanks to Christoph Egger for reporting it (Closes: #635911). -- Thomas Goirand Mon, 10 Oct 2011 15:16:20 +0800 minissdpd (1.1.20111007-1) unstable; urgency=low * New upstream version including the bugfixes to bugs sent to the Debian BTS (Closes: #644508, #644509, #644510, #644511, #630665). * Added a patch to disable calls to link_ntoa in Debian/kFreeBSD (Closes: #635911). * debian/copyright is now in DEP5 format. -- Thomas Goirand Sun, 09 Oct 2011 17:49:12 +0000 minissdpd (1.0.20110729-1) unstable; urgency=high * New upstream release 1.0.20110729, fixing root exploit issue reported on launchpad (Closes: #635836) (LP: #813313), thanks to Moritz Muehlenhoff for the bug report, and to falks at Ubuntu for the investigation of the issue. * Added build-arch: and build-indep: targets in debian/rules. * Bumped standard-version to 3.9.2. -- Thomas Goirand Fri, 29 Jul 2011 14:41:55 +0200 minissdpd (1.0-2) unstable; urgency=low * Watch file was wrong (it was the one of miniupnpc). * Uploading to unstable from now on. -- Thomas Goirand Fri, 11 Mar 2011 19:59:51 +0800 minissdpd (1.0-1) experimental; urgency=low * Initial release (Closes: #608270). -- Thomas Goirand Wed, 29 Dec 2010 16:49:20 +0800