[Slackbuilds-users] libupnp security issue

[Thomas Morper]

Hello there,

The SlackBuild for libupnp hasn't been updated for more than five years, 
omitting several security fixes and leaving the resulting package 
vulnerable to CVE-2016-6255:

  »Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers
  to write to arbitrary files in the webroot via a POST request without a
  registered handler.«

This build should propably get an upgrade (and a new maintainer).

--