File _patchinfo of Package patchinfo

<patchinfo incident="15205">
  <issue tracker="bnc" id="1179447">VUL-0: CVE-2020-28926: minidlna: before versions 1.3.0 allows remote code execution</issue>
  <issue tracker="cve" id="2020-12695"/>
  <issue tracker="cve" id="2020-28926"/>
  <packager>oertel</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for minidlna</summary>
  <description>This update for minidlna fixes the following issues:

minidlna was updated to version 1.3.0 (boo#1179447)

  - Fixed some build warnings when building with musl.
  - Use $USER instead of $LOGNAME for the default friendly name.
  - Fixed build with GCC 10
  - Fixed some warnings from newer compilers
  - Disallow negative HTTP chunk lengths. [CVE-2020-28926]
  - Validate SUBSCRIBE callback URL. [CVE-2020-12695]
  - Fixed spurious warnings with ogg coverart
  - Fixed an issue with VLC where browse results would be truncated.
  - Fixed bookmarks on Samsung Q series
  - Added DSD file support.
  - Fixed potential stack smash vulnerability in getsyshwaddr on macOS.
  - Will now reload the log file on SIGHUP.
  - Worked around bad SearchCriteria from the Control4 Android app.
  - Increased max supported network addresses to 8.
  - Added forced alphasort capability.
  - Added episode season and number metadata support.
  - Enabled subtitles by default for unknown DLNA clients, and add enable_subtitles config option.
  - Fixed discovery when connected to certain WiFi routers.
  - Added FreeBSD kqueue support.
  - Added the ability to set the group to run as.
</description>
</patchinfo>