Version in base suite: 1.3.0+dfsg-2+deb11u1 Base version: minidlna_1.3.0+dfsg-2+deb11u1 Target version: minidlna_1.3.0+dfsg-2+deb11u2 Base file: /srv/ftp-master.debian.org/ftp/pool/main/m/minidlna/minidlna_1.3.0+dfsg-2+deb11u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/m/minidlna/minidlna_1.3.0+dfsg-2+deb11u2.dsc changelog | 7 ++++++ patches/series | 1 patches/upnphttp-Fix-chunk-length-parsing.patch | 27 ++++++++++++++++++++++++ 3 files changed, 35 insertions(+)
diff -Nru minidlna-1.3.0+dfsg/debian/changelog minidlna-1.3.0+dfsg/debian/changelog
--- minidlna-1.3.0+dfsg/debian/changelog 2022-03-24 21:03:02.000000000 +0000
+++ minidlna-1.3.0+dfsg/debian/changelog 2023-06-19 19:40:21.000000000 +0000
@@ -1,3 +1,10 @@
+minidlna (1.3.0+dfsg-2+deb11u2) bullseye-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * upnphttp: Fix chunk length parsing (CVE-2023-33476) (Closes: #1037052)
+
+ -- Salvatore Bonaccorso Mon, 19 Jun 2023 21:40:21 +0200
+
 minidlna (1.3.0+dfsg-2+deb11u1) bullseye; urgency=medium
 * Non-maintainer upload.
diff -Nru minidlna-1.3.0+dfsg/debian/patches/series minidlna-1.3.0+dfsg/debian/patches/series
--- minidlna-1.3.0+dfsg/debian/patches/series 2022-03-24 21:03:02.000000000 +0000
+++ minidlna-1.3.0+dfsg/debian/patches/series 2023-06-19 19:40:21.000000000 +0000
@@ -7,3 +7,4 @@
 10-do-not-close-socket-on-sighup.patch
 CVE-2022-26505.patch
+upnphttp-Fix-chunk-length-parsing.patch
diff -Nru minidlna-1.3.0+dfsg/debian/patches/upnphttp-Fix-chunk-length-parsing.patch minidlna-1.3.0+dfsg/debian/patches/upnphttp-Fix-chunk-length-parsing.patch
--- minidlna-1.3.0+dfsg/debian/patches/upnphttp-Fix-chunk-length-parsing.patch 1970-01-01 00:00:00.000000000 +0000
+++ minidlna-1.3.0+dfsg/debian/patches/upnphttp-Fix-chunk-length-parsing.patch 2023-06-19 19:40:21.000000000 +0000
@@ -0,0 +1,27 @@
+From: Justin Maggard
+Date: Wed, 31 May 2023 00:40:03 -0700
+Subject: upnphttp: Fix chunk length parsing
+Origin: https://sourceforge.net/p/minidlna/git/ci/9bd58553fae5aef3e6dd22f51642d2c851225aec/
+Bug-Debian: https://bugs.debian.org/1037052
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-33476
+
+---
+ upnphttp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/upnphttp.c b/upnphttp.c
+index 05b202067f14..477ebef4caee 100644
+--- a/upnphttp.c
++++ b/upnphttp.c
+@@ -432,7 +432,7 @@ next_header:
+ if (h->req_buflen <= h->req_contentoff)
+ return;
+ while( (line < (h->req_buf + h->req_buflen)) &&
+- (h->req_chunklen = strtol(line, &endptr, 16) > 0) &&
++ ((h->req_chunklen = strtol(line, &endptr, 16)) > 0) &&
+ (endptr != line) )
+ {
+ endptr = strstr(endptr, "\r\n");
+--
+2.40.1
+
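Review bot: The corrected `while` condition now stores the full `strtol` result in `h->req_chunklen`, but nothing visible in the loop bounds that client-supplied value against the bytes actually remaining in `req_buf`, nor checks `errno` for `ERANGE`, so a chunk-size line such as `ffffffffffffffff` saturates to `LONG_MAX` and flows into whatever consumes the chunk after the `strstr(endptr, "\r\n")` line; that consumer is outside this hunk and may already clamp it, which is worth confirming. If it does not, a cheap guard at the parse site is `if (h->req_chunklen > (h->req_buf + h->req_buflen) - endptr) break;` as the first statement of the loop body (before `endptr` is reassigned), plus `errno = 0;` before the loop and an `errno == ERANGE` check alongside it where `<errno.h>` is in scope. Because the precedence slip that produced the CVE is easy to reintroduce, the condition deserves a one-line comment, `/* parentheses matter: assign the parsed length, not the result of the > 0 comparison */`. Note also that `strtol` assumes `req_buf` is NUL-terminated within `req_buflen`, and that the assignment silently truncates if `req_chunklen` is narrower than `long`; neither can be confirmed from the hunk, and the enclosing loop continues past it.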