[Git][security-tracker-team/security-tracker][master] Update information for CVE-2021-37706/ring

Roberto C. Sánchez (@roberto) roberto at debian.org
Sat Sep 14 23:10:50 BST 2024 


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1e2886bc by Roberto C. Sánchez at 2024-09-14T18:03:57-04:00
Update information for CVE-2021-37706/ring

This was actually fixed in 20230206.0~ds1-1, as shown by
debian/changelog. This can further be confirmed by looking at the state
of the file in question (stun_msg.c) when the immediately preceding
upstream version 20230130.0~ds1 was imported (but which was not released
as a Debian package, since 20230206.0~ds1 followed shortly after) and
comparing to the patch of the upstream commit identified as the
superseding fix (4cea72a4db91c6f0a0984b82edf2f147eda289aa). The changes
in that commit are clearly present in stun_msg.c as it existed when
20230206.0~ds1-1 was released as a Debian package. Link:

https://salsa.debian.org/pkg-voip-team/jami/-/blob/upstream/20230206.0_ds1/daemon/contrib/tarballs-unpacked/pjproject-3b78ef1c48732d238ba284cdccb04dc6de79c54f.tar.gz/pjproject-3b78ef1c48732d238ba284cdccb04dc6de79c54f/pjnath/src/pjnath/stun_msg.c?ref_type=tags&blame=0

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -242357,7 +242357,7 @@ CVE-2021-37706 (PJSIP is a free and open source multimedia communication library
 	- asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
-	- ring 20230922.0~ds1-1 (bug #1014998; bug #1057379)
+	- ring 20230206.0~ds1-1 (bug #1014998; bug #1057379)
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29945
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2022-004.html
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e2886bc2b690240c3e2d2434d3f5dd0f9de9b9f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e2886bc2b690240c3e2d2434d3f5dd0f9de9b9f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240914/046ca998/attachment.htm>

More information about the debian-security-tracker-commits mailing list