An update for gupnp is now available for openEuler-20.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1768 Final 1.0 1.0 2022-07-22 Initial 2022-07-22 2022-07-22 openEuler SA Tool V1.0 2022-07-22 gupnp security update An update for gupnp is now available for openEuler-20.03-LTS-SP1. GUPnP is an elegant, object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. It provides the same set of features as libupnp,but shields the developer from most of UPnP's internals. Security Fix(es): The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.(CVE-2020-12695) An update for gupnp is now available for openEuler-20.03-LTS-SP1. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High gupnp https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1768 https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-12695 https://nvd.nist.gov/vuln/detail/CVE-2020-12695 openEuler-20.03-LTS-SP1 gupnp-devel-1.2.4-1.oe1.aarch64.rpm gupnp-debugsource-1.2.4-1.oe1.aarch64.rpm gupnp-1.2.4-1.oe1.aarch64.rpm gupnp-debuginfo-1.2.4-1.oe1.aarch64.rpm gupnp-help-1.2.4-1.oe1.noarch.rpm gupnp-1.2.4-1.oe1.src.rpm gupnp-debuginfo-1.2.4-1.oe1.x86_64.rpm gupnp-1.2.4-1.oe1.x86_64.rpm gupnp-devel-1.2.4-1.oe1.x86_64.rpm gupnp-debugsource-1.2.4-1.oe1.x86_64.rpm The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. 2022-07-22 CVE-2020-12695 openEuler-20.03-LTS-SP1 High 7.5 AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H gupnp security update 2022-07-22 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1768