Jens Georg

**Name of the Vulnerable Software and Affected Versions** GUPnP versions prior to 1.0.7 GUPnP versions 1.1.x GUPnP versions 1.2.x through 1.2.4 **Description** The issue allows DNS rebinding, which can be exploited by a remote web server to trick a victim's browser into triggering actions against local UPnP services. This could potentially be used for data exfiltration or data tampering, depending on the affected service. **Recommendations** For GUPnP versions prior to 1.0.7, update to version 1.0.7 or later. For GUPnP versions 1.1.x, update to version 1.2.5 or later. For GUPnP versions 1.2.x through 1.2.4, update to version 1.2.5 or later.

**Name of the Vulnerable Software and Affected Versions** Shotwell versions 0.24.4 or earlier Shotwell versions 0.25.3 or earlier **Description** The issue concerns an information disclosure in the web publishing plugins of Shotwell, potentially resulting in the plaintext transmission of passwords and oauth tokens. **Recommendations** For Shotwell versions 0.24.4 or earlier, update to a version later than 0.24.4 to resolve the issue. For Shotwell versions 0.25.3 or earlier, update to a version later than 0.25.3 to resolve the issue.