Re: libupnp buffer overflows

[Henri Salo <henri () nerv fi>]

On Fri, May 18, 2012 at 10:22:52PM +0300, Touko Korpela wrote:
> On Fri, May 18, 2012 at 08:43:52PM +0200, Florian Weimer wrote:
> > * Touko Korpela:
> >
> > > Upstream changelog for libupnp (/usr/share/doc/libupnp6/changelog.gz) lists
> > > many fixes for buffer overflows in version 1.6.16. Should this be added to
> > > tracker and check if CVE number is allocated?
> >
> > It seems that the list of issues is fairly long.  Have you got a list
> > of source code commits?
>
> Unfortunately, no. I only noticed this from the changelog.
> Maybe maintainer and/or upstream can tell if this can be exploited.

Fabrice replied: 
"""
Those issues were found by Coverity (http://www.coverity.com). Coverity affects CWE identifiers like CWE-170 but I 
haven't kept the CWE identifiers of all the fixed bugs.
"""

Did you Fabrice verify if these had security impact? I can try to help if needed.

- Henri Salo