embedded copies of libupnp
Uwe Kleine-König
uwe at kleine-koenig.org
Fri Dec 9 09:27:20 UTC 2016
Hello,
there are two source packages (in sid, found via codesearch.d.n) that
include embedded copies of libupnp: djmount and mediatomb (maintainers
on Cc:).
djmount build-depends on libupnp-dev and calls configure with
--with-external-libupnp, so fixing libupnp should be good enough here.
mediatomb doesn't build-depend on libupnp-dev and looking at
https://buildd.debian.org/status/fetch.php?pkg=mediatomb&arch=armhf&ver=0.12.1-47-g7ab7616-1%2Bb4&stamp=1460993907
it seems that the embedded copy is used, so mediatomb needs additional
handling to fix the bug. Also the copy is vulnerable.
Best regards
Uwe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20161209/5d5979e3/attachment.sig>
More information about the pkg-multimedia-maintainers
mailing list