openSUSE-SU-2020:2204-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2020:2204-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2020:2204-1
Related
Published
2020-12-07T23:23:49Z
Modified
2020-12-07T23:23:49Z
Summary
Security update for minidlna
Details

This update for minidlna fixes the following issues:

minidlna was updated to version 1.3.0 (boo#1179447)

  • Fixed some build warnings when building with musl.
  • Use $USER instead of $LOGNAME for the default friendly name.
  • Fixed build with GCC 10
  • Fixed some warnings from newer compilers
  • Disallow negative HTTP chunk lengths. [CVE-2020-28926]
  • Validate SUBSCRIBE callback URL. [CVE-2020-12695]
  • Fixed spurious warnings with ogg coverart
  • Fixed an issue with VLC where browse results would be truncated.
  • Fixed bookmarks on Samsung Q series
  • Added DSD file support.
  • Fixed potential stack smash vulnerability in getsyshwaddr on macOS.
  • Will now reload the log file on SIGHUP.
  • Worked around bad SearchCriteria from the Control4 Android app.
  • Increased max supported network addresses to 8.
  • Added forced alphasort capability.
  • Added episode season and number metadata support.
  • Enabled subtitles by default for unknown DLNA clients, and add enable_subtitles config option.
  • Fixed discovery when connected to certain WiFi routers.
  • Added FreeBSD kqueue support.
  • Added the ability to set the group to run as.

This update was imported from the openSUSE:Leap:15.2:Update update project.

References

Affected packages

SUSE:Package Hub 15 SP2 / minidlna

Package

Name
minidlna
Purl
purl:rpm/suse/minidlna&distro=SUSE%20Package%20Hub%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.0-bp152.4.3.1

Ecosystem specific

{
    "binaries": [
        {
            "minidlna": "1.3.0-bp152.4.3.1"
        }
    ]
}