OESA-2022-1768
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1768
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2022-1768.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2022-1768
- Upstream
- Published
- 2022-07-22T11:04:01Z
- Modified
- 2025-08-12T05:05:03.948789Z
- Summary
- gupnp security update
- Details
-
GUPnP is an elegant, object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. It provides the same set of features as libupnp,but shields the developer from most of UPnP's internals.
Security Fix(es):
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.(CVE-2020-12695)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:20.03-LTS-SP1 / gupnp
Package
- Name
- gupnp
- Purl
- pkg:rpm/openEuler/gupnp&distro=openEuler-20.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.2.4-1.oe1
Ecosystem specific
{
"aarch64": [
"gupnp-devel-1.2.4-1.oe1.aarch64.rpm",
"gupnp-debugsource-1.2.4-1.oe1.aarch64.rpm",
"gupnp-1.2.4-1.oe1.aarch64.rpm",
"gupnp-debuginfo-1.2.4-1.oe1.aarch64.rpm"
],
"noarch": [
"gupnp-help-1.2.4-1.oe1.noarch.rpm"
],
"src": [
"gupnp-1.2.4-1.oe1.src.rpm"
],
"x86_64": [
"gupnp-debuginfo-1.2.4-1.oe1.x86_64.rpm",
"gupnp-1.2.4-1.oe1.x86_64.rpm",
"gupnp-devel-1.2.4-1.oe1.x86_64.rpm",
"gupnp-debugsource-1.2.4-1.oe1.x86_64.rpm"
]
}