Bug#905495: resiprocate: CVE-2018-12584
Salvatore Bonaccorso
carnil at debian.org
Sun Aug 5 14:18:02 BST 2018
Source: resiprocate
Version: 1:1.11.0~beta1-3
Severity: grave
Tags: patch security upstream
Hi,
The following vulnerability was published for resiprocate.
CVE-2018-12584[0]:
| The ConnectionBase::preparseNewBytes function in
| resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows
| remote attackers to cause a denial of service (buffer overflow) or
| possibly execute arbitrary code when TLS communication is enabled.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-12584
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12584
[1] http://joachimdezutter.webredirect.org/advisory.html
[2] https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Pkg-voip-maintainers
mailing list