GUPnP 1.0.7 and GUPnP 1.2.5 fix a potential DNS rebind issue.
An impact of this would be that for example a user could be tricked into opening a malicious web page that could scan the local network for UPnP media servers and download the user’s shared files, or, if enabled, even delete them.
Upgrade to 1.2.5 (or where that is not possible, 1.0.7) is strongly recommended.
GUPnP 1.2.5 is also a maintainence release containing a number of fixes, noted below:
Bugs fixed in this release: – gitlab.gnome.org/GNOME/gupnp/issues/47 – gitlab.gnome.org/GNOME/gupnp/issues/46 – gitlab.gnome.org/GNOME/gupnp/issues/23 – gitlab.gnome.org/GNOME/gupnp/issues/24
All contributors to this release: – Jens Georg <email@example.com> – Doug Nazar <firstname.lastname@example.org> – Andre Klapper <email@example.com>
_______________________________________________ gnome-announce-list mailing list firstname.lastname@example.org mail.gnome.org/mailman/listinfo/gnome-announce-list