Debian-LTS alert DLA-748-1 (libupnp4)

From:
    	     
 
Markus Koschany <apo@debian.org> 
To:
    	     
 
debian-lts-announce@lists.debian.org 
Subject:
    	     
 
[SECURITY] [DLA 748-1] libupnp4 security update 
Date:
    	     
 
Fri, 16 Dec 2016 22:36:35 +0100
Message-ID:
    	     
 
<15686c2e-406b-bfdd-b58e-0bee6b579c00@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libupnp4
Version        : 1.8.0~svn20100507-1.2+deb7u1
CVE ID         : CVE-2016-8863

Scott Tenaglia discovered a heap-based buffer overflow in libupnp4, a
portable SDK for UPnP Devices. That can lead to denial of service or
remote code execution.

For Debian 7 "Wheezy", these problems have been fixed in version
1.8.0~svn20100507-1.2+deb7u1.

We recommend that you upgrade your libupnp4 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlhUXmNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeRzKw/9Ff/3X+iy6AsdPqaAx3+meXRry8bnT36FxWzafpOSbO1DBk4kUaujwALQ
Pcvh31Hkig0M1zB/0OpvB2p7Bc1ljiIbGNbbSStvt4dntwCpHCmJAXEn2FUjFlGO
sSLzE3zE1NAyYLbTMXEHSZXQNeJv+kKPQSLECCHcehlDCx9+ZuD7004S5IVf6lmg
n4C/8j7m9XXEq9QWa9OERoZo0BIIZIrrY9aJ2+oSOB/HaH0w7wrU0ZGGXeFzqX+j
sxL9y3oafBXpok/TGT5lx/Sv4EIwzM8BiMflLuV6joaB0yETryyhz3fLJKcuJzQT
VgUDzdld6q1ORTCHVpzmNDXditwNTo56iCXJqMLiv5ZZCCiexLvOjwLK/zQwhktE
zxkplhtdggwxhUVIebI10TcOwWIKaQlBYY868jXAZcKrMKxzK7wkeYGAbViERyDR
zeg/QxxDBD4Tk/EYdGqdZ9I8RexFRyihsnm8jutUXFbUljNlRpb+63LfT8htKY+1
56PtBq3iFA446eqaBiPLlhNe0PcEWAk2aI+9WOpEQ4AEp81lq97ZtG+gKiKQMyKS
2qG8863K1oSoeOs0UtksSD92GCqVcTu6DLvigTcUqp9lw/Ny+c09uBK254FNRE5z
Xei7TfXxo3jKFqPBbWcH5LL26O0qojUMJihNF0dUVzd1bX0A5Aw=
=Qbad
-----END PGP SIGNATURE-----