[Nix-dev] Re: [Nix-commits] SVN commit: nix - 12995 - ludo - in nixpkgs/trunk/pkgs: development/libraries development/libraries/libupnp top-level

Ludovic Courtès ludo at gnu.org
Wed Oct 8 21:50:12 CEST 2008


Hi,

Armijn Hemel <armijn at uulug.nl> writes:

>> It's not clear from the front page whether the security issues you are
>> concerned about stem from implementation flaws (such as buffer
>> overflows, which you mention on another page) or protocol flaws (which
>> you mention in the paragraph that starts with "In May 2006").  If the
>> latter, it would be great to emphasize it after "very little has
>> changed", IMO.
>
> Ah, no, that's mostly in applications, though there are some
> peculiarities when you want to do some more "advanced" stuff with libupnp
> (we can discuss that offlist). But there is a good reason why Intel has
> moved to another library (the microstack) and abandoned libupnp ;-)

I understand this as "this is an implementation flaw, not a protocol
flaw", is that correct?

Thanks,
Ludovic.



