MGASA-2020-0304

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0304.html

Import Source

https://advisories.mageia.org/MGASA-2020-0304.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0304

Related

CVE-2020-12695

Published

2020-07-31T23:25:42Z

Modified

2020-07-31T22:42:33Z

Summary

Updated gssdp/gupnp packages fix security vulnerability

Details

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. (CVE-2020-12695).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / gssdp

Package

Name: gssdp
Purl: pkg:rpm/mageia/gssdp?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.3-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / gupnp

Package

Name: gupnp
Purl: pkg:rpm/mageia/gupnp?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.3-1.mga7

Ecosystem specific

{
    "section": "core"
}