[Slackbuilds-users] libupnp security issue

Willy Sudiarto Raharjo willysr at slackbuilds.org
Tue Jul 11 00:23:57 UTC 2017

> The SlackBuild for libupnp hasn't been updated for more than five years, 
> omitting several security fixes and leaving the resulting package 
> vulnerable to CVE-2016-6255:
>   »Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers
>   to write to arbitrary files in the webroot via a POST request without a
>   registered handler.«
> This build should propably get an upgrade (and a new maintainer).

Hi Thomas,

Have you contacted the current maintainer?
According to the Git Log, Ozan Türkyılmaz is still active

Willy Sudiarto Raharjo

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <https://lists.slackbuilds.org/pipermail/slackbuilds-users/attachments/20170711/80f33f81/attachment.asc>

More information about the SlackBuilds-users mailing list