Update miniupnpc to 1.9.20151008 #6789

pull laanwj wants to merge 1 commits into bitcoin:master from laanwj:2015_10_mitigate_upnp_buffer_overflow changing 1 files +2 −2
  1. laanwj commented at 11:21 am on October 9, 2015: member

    This version of miniupnpc fixes a buffer overflow in the XML (ugh) parser during initial network discovery.

    http://talosintel.com/reports/TALOS-2015-0035/

    The commit fixing the vulnerability is: https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78

    Reported by timothy on IRC. Needs backport to 0.10 and 0.11.

    Edit: complete diff between current version miniupnp 1.9.20150730 and 1.9.20151008 : https://gist.github.com/laanwj/6caebd77a1c253a486e4

  2. Update miniupnpc to 1.9.20151008
    This version of miniupnpc fixes a buffer overflow in the XML (ugh)
    parser during initial network discovery.
    
    http://talosintel.com/reports/TALOS-2015-0035/
    
    The commit fixing the vulnerability is:
    https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78
    
    Reported by timothy on IRC.
    0cca0248f0
  3. laanwj added the label Build system on Oct 9, 2015
  4. fanquake commented at 11:23 am on October 9, 2015: member
    utACK
  5. gavinandresen commented at 12:38 pm on October 9, 2015: contributor

    utACK

    Until binaries are available, workaround is for anybody on a public LAN is to add this to their bitcoin.conf:

    0upnp=0
    
  6. laanwj merged this on Oct 9, 2015
  7. laanwj closed this on Oct 9, 2015

  8. laanwj referenced this in commit 8c7e6138db on Oct 9, 2015
  9. laanwj referenced this in commit 093d7b5895 on Oct 9, 2015
  10. btcdrak commented at 1:00 pm on October 9, 2015: contributor
    utACK
  11. theuni commented at 1:37 pm on October 9, 2015: member
    Ugh. utACK.
  12. laanwj referenced this in commit b21acab82f on Jul 29, 2019
  13. sidhujag referenced this in commit 1f6ab18969 on Jul 30, 2019
  14. reddink referenced this in commit cbc8e2495b on May 27, 2020
  15. PastaPastaPasta referenced this in commit d8925fe0f6 on Jun 26, 2021
  16. PastaPastaPasta referenced this in commit 30b1e1da4f on Jun 26, 2021
  17. PastaPastaPasta referenced this in commit 6e054f897b on Jun 26, 2021
  18. MarcoFalke locked this on Sep 8, 2021

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-10-30 03:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me