mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-05-07 05:26:10 +02:00
- CVE-2022-26505
  A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files.
  CVE created on 6th March 2022
- minidlna have created the patches to fix CVE-2022-26505 and have created a git tag for version 1.3.1 but have not provided any 1.3.1 source tarballs. A ticket was raised on 14th March 2022 in the source forge support system asking to "Please publish a tarball for 1.3.1" but there was no reply from the developer so far.
- In the NIST National Vulnerability Database it refers to a fix implemented in 1.3.1 but the link to the sourceforge page is only the patches applied for the fix
- I used those diff descriptions to create a patch to implement on the existing 1.3.0 version in IPFire and this patch submission applies that fix
- Incremented the lfs PAK_VER

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
3.8 KiB