libosip2_4.1.0-2.1_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sat Apr 15 18:33:46 UTC 2017
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 14 Apr 2017 16:21:21 -0400
Source: libosip2
Binary: libosip2-dev libosip2-11
Architecture: source
Version: 4.1.0-2.1
Distribution: unstable
Urgency: medium
Maintainer: Debian VoIP Team <pkg-voip-maintainers at lists.alioth.debian.org>
Changed-By: Antoine Beaupré <anarcat at debian.org>
Description:
libosip2-11 - Session Initiation Protocol (SIP) library
libosip2-dev - development files for the SIP library
Closes: 860287
Changes:
libosip2 (4.1.0-2.1) unstable; urgency=medium
.
* Non-maintainer upload to fix security issues (Closes: #860287)
* CVE-2016-10324: In libosip2 in GNU oSIP 4.1.0, a malformed SIP message
can lead to a heap buffer overflow in the osip_clrncpy() function
defined in osipparser2/osip_port.c.
* CVE-2016-10325: In libosip2 in GNU oSIP 4.1.0, a malformed SIP message
can lead to a heap buffer overflow in the _osip_message_to_str()
function defined in osipparser2/osip_message_to_str.c, resulting in a
remote DoS.
* CVE-2016-10326: In libosip2 in GNU oSIP 4.1.0, a malformed SIP message
can lead to a heap buffer overflow in the osip_body_to_str() function
defined in osipparser2/osip_body.c, resulting in a remote DoS.
* CVE-2017-7853: In libosip2 in GNU oSIP 5.0.0, a malformed SIP message
can lead to a heap buffer overflow in the msg_osip_body_parse()
function defined in osipparser2/osip_message_parse.c, resulting in a
remote DoS.
Checksums-Sha1:
8f7656a6ea32e059227449d4f18492e6cda61b3b 2054 libosip2_4.1.0-2.1.dsc
e88639f111a57580d4821f1a90d43d537e90f5a6 7672 libosip2_4.1.0-2.1.debian.tar.xz
Checksums-Sha256:
6cedcf2f341489312905b77d6f9a9b32da0d469a0aadc85006d1a13a4744190d 2054 libosip2_4.1.0-2.1.dsc
418d64e2e27483d5fd96d2aae1b600d11778aa08b3064cd9f636c6838aed1cfa 7672 libosip2_4.1.0-2.1.debian.tar.xz
Files:
14b018d9d434926255dc25561753ce9f 2054 comm optional libosip2_4.1.0-2.1.dsc
84620b026df025ee710757eaae930a2b 7672 comm optional libosip2_4.1.0-2.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJY8mOLAAoJEHkhUlJ7dZIeEhAP/0O+1+qaeWI48RBlNitgOQ9b
iITVdfNnpp/USXFUJXcsxCHppsMZPolCMOUCcQitwkl9nLM88+6EiosoPxf2Dh/L
LCpThjnKNCMDKR1Q91l0pIXfcSHFk5Cxi2H8rC2FG8qW9Zn5MCJ/I4gLRSJPfvgx
IFg9Us89+mzOytmXX1sZPVXf3flhshjzk57BQowYSzFxzyVI0NdxNMVhec7cTfkz
NvbghRY5Wl+0FZ80BTDI7pcS/VnLqpVxZA8cvW3h+feTIj6lLprvsX11lOtY2Bg9
MQOTUhns9gCHk1esrVlBSMbidIDzUpBtx0fKV92UtNoV9DmdJ7PaDuau7oOC7otC
P9CJuAqodV9ksE7SKROXK7gDrJdbt5/NJ9bLaAkqFfOmJL6CMR/qrOJSrGrGllfT
9Cw5dBs2d1q3Ge4cxyQ+u830GPe4XhYm4b/Knu1NQ0XpEMnTwIxL832mwf+RmiPx
JdOSMceyELLuXUh1hPgL+GLMQACAY69y1x2wxbbylraHD4mjx4mLszPlqgM66roe
lD/MRBbQsdjbfCMe0xhMmCufKDap/DlWW8XCC3B+4zwNnNIqiboRahbjSJIn/y/i
nP3ZuTCGfb6AuQw7tXBgzxa7rpHY9egY9AgvAkM6exBZN1qYuhBMFgaRL/d4HLG/
w5hiER/cOye3Mm2BOE2t
=uHdh
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the Pkg-voip-maintainers
mailing list