1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
|
miniupnpd (1.8.20140523-4.1+deb9u2) stretch; urgency=medium
* Applied upstream patches for CVE-2019-12107, CVE-2019-12108,
CVE-2019-12109, CVE-2019-12110. This version looks like not affected by
CVE-2019-12111. (Closes: #930050).
-- Thomas Goirand <zigo@debian.org> Fri, 07 Jun 2019 09:16:03 +0200
miniupnpd (1.8.20140523-4.1+deb9u1) stretch; urgency=medium
* Apply patch from upstream for CVE-2017-1000494 (Closes: #887129).
-- Thomas Goirand <zigo@debian.org> Wed, 07 Feb 2018 12:18:50 +0100
miniupnpd (1.8.20140523-4.1) unstable; urgency=medium
* Non-maintainer upload.
* Backport upstream fix for the iptables version check.
(Closes: #818413)
* Add Dutch debconf translation by Frans Spiesschaert.
(Closes: #766640)
-- Adrian Bunk <bunk@debian.org> Fri, 13 Jan 2017 13:52:51 +0200
miniupnpd (1.8.20140523-4) unstable; urgency=high
* Fixes multiple vulnerabilities (Closes: #772644).
-- Thomas Goirand <zigo@debian.org> Tue, 09 Dec 2014 22:29:04 +0800
miniupnpd (1.8.20140523-3) unstable; urgency=medium
* Do not install the configuration file in /etc/miniupnpd, use /usr/share
instead, so that miniupnpd.conf isn't CONFFILE (Closes: #767646).
* Do not use /usr/share/doc/miniupnpd/examples to get our default config
file, which isn't policy compliant, but use /usr/share/miniupnpd.
-- Thomas Goirand <zigo@debian.org> Tue, 04 Nov 2014 16:35:36 +0800
miniupnpd (1.8.20140523-2) unstable; urgency=medium
* Removed $all from init script.
-- Thomas Goirand <zigo@debian.org> Mon, 14 Jul 2014 07:08:43 +0000
miniupnpd (1.8.20140523-1) unstable; urgency=medium
* New upstream release (Closes: #749392).
* Standards-Version: bumped to 3.9.5.
-- Thomas Goirand <zigo@debian.org> Sun, 08 Jun 2014 09:35:49 +0000
miniupnpd (1.8.20130730-3) unstable; urgency=medium
* Now depending on iproute2 instead of iproute.
* Added Italian debconf translaiton (Closes: #724684).
* Added Spanish debconf translation, thanks to "Matias A. Bellone"
<matiasbellone+debian@gmail.com> (Closes: #733065).
* Added Swedish debconf translation, thanks to Martin Bagge
<brother@bsnet.se> (Closes: #727185).
* Fixed postinst that is destroying the default file (Closes: #726915).
* Fixed wrong directive for enabling ipv6.
-- Thomas Goirand <zigo@debian.org> Wed, 28 May 2014 16:10:53 +0800
miniupnpd (1.8.20130730-2) unstable; urgency=low
* Added the review from the intl team (Closes: #719950).
* Added Debconf translations, with thanks to:
- Japanese, victory (Closes: #724310).
- Portuguese, Traduz (Closes: #724029).
- French, Baptiste Jammet (Closes: #723768).
- German, Chris Leick (Closes: #723147).
- Czech, Michal Šimůnek (Closes: #723025).
- Russian, Yuri Kozlov (Closes: #722602).
- Danish, Joe Dalton (Closes: #722278).
-- Thomas Goirand <zigo@debian.org> Wed, 25 Sep 2013 23:30:11 +0800
miniupnpd (1.8.20130730-1) unstable; urgency=low
* Uploading to unstable.
* New upstream release fixing CVE-2013-2600: MiniUPnPd versions 1.8 and
earlier are prone to an information disclosure vulnerability due to
improper use of snprintf() while preparing SSDP responses. An attacker can
exploit this vulnerability by sending a crafted request with a long ST
header. If the header is long enough, the SSDP response buffer will be
truncated by snprintf() and the subsequent sendto() call will read off the
end of the buffer thereby disclosing the contents of adjacent memory. This
response can reveal details of internal network topology as well as other
activity on the target network. Fix at:
.
https://github.com/miniupnp/miniupnp/commit/18887cb1e49295e69c308d8bb1f2526798a77429
.
Correctly handle truncated snprintf() in SSDP code (Closes: #716936,
#686537).
* Now packaging using pristine-tar git-import-orig.
* Added new IPv6 rules in the init script, and its configuration through
debconf (Closes: #686287).
* Fixed the clean process.
* Removes now obsolete patches.
* Build-Depends on libnfnetlink-dev.
* Standards-Version: 3.9.4.
* Canonical URLs for VCS feilds.
-- Thomas Goirand <zigo@debian.org> Tue, 23 Jul 2013 11:16:15 +0800
miniupnpd (1.7-4) experimental; urgency=low
* Rewrite the debconf text for the external interface, which was completely
wrong: it was asking for the LAN interface, when in fact, what was required
was the name of the WAN interface. Also makes other Debconf questions more
clear, writing WAN and LAN when needed (Closes: #685652).
* Now guessed the name of the WAN interface using route (and depends on
net-tools as a consequence).
* Enables IPv6 and IGDv2 support build options (Closes: #685651, #685650).
* Added display-po-stats and display-po-stats rules target.
-- Thomas Goirand <zigo@debian.org> Thu, 23 Aug 2012 11:45:03 +0000
miniupnpd (1.7-3) experimental; urgency=low
* Added debconf support for maintaining /etc/default/miniupnpd.
-- Thomas Goirand <zigo@debian.org> Sun, 19 Aug 2012 09:17:20 +0000
miniupnpd (1.7-2) experimental; urgency=low
* Only calls sed for putting a uuid if there's no value for the uuid
in the configuration file.
* Removes hardening option from debian/rules.
* Fixed postinst so that it copies miniupnpd.conf from the correct location.
Thanks to Andreas Beckmann for reporting (Closes: #685191).
-- Thomas Goirand <zigo@debian.org> Tue, 07 Aug 2012 07:12:45 +0000
miniupnpd (1.7-1) experimental; urgency=low
* Initial release (Closes: #658434).
-- Thomas Goirand <zigo@debian.org> Tue, 10 Jul 2012 20:16:37 +0000
|
