[Slackbuilds-users] libupnp security issue
Willy Sudiarto Raharjo
willysr at slackbuilds.org
Tue Jul 11 00:23:57 UTC 2017
> The SlackBuild for libupnp hasn't been updated for more than five years,
> omitting several security fixes and leaving the resulting package
> vulnerable to CVE-2016-6255:
>
> »Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers
> to write to arbitrary files in the webroot via a POST request without a
> registered handler.«
>
> This build should propably get an upgrade (and a new maintainer).
Hi Thomas,
Have you contacted the current maintainer?
According to the Git Log, Ozan Türkyılmaz is still active
https://git.slackbuilds.org/slackbuilds/log/?qt=author&q=Ozan+T%C3%BCrky%C4%B1lmaz
--
Willy Sudiarto Raharjo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <https://lists.slackbuilds.org/pipermail/slackbuilds-users/attachments/20170711/80f33f81/attachment.asc>
More information about the SlackBuilds-users
mailing list