Fedora Account System
Red Hat Associate
Red Hat Customer
libupnp (aka Portable UPnP SDK) has received some security fixes involving string handling and additionally some fixes for bugs created by a previous botched attempt to fix insecure string handling. The previous fixes actually broke UPnP clients using libupnp (most notably VideoLan's VLC). http://sourceforge.net/p/pupnp/bugs/122/ https://sourceforge.net/p/pupnp/mailman/message/32290824/ http://sourceforge.net/p/pupnp/code/commit_browser The commits [0398b1] [814d15] are specifically security related. There are three other new commits, [11f05d] [ef6a6d] [bf0a3d] which fix bugs and you may also wish to include.
Created libupnp tracking bugs for this issue: Affects: fedora-all [bug 1146032] Affects: epel-all [bug 1146033]
CVE request sent to oss-security mailing list
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.