Bug#934766: libexosip2: CVE-2014-10375
Salvatore Bonaccorso
carnil at debian.org
Wed Aug 14 16:25:00 BST 2019
Source: libexosip2
Version: 4.1.0-2.1
Severity: grave
Tags: security upstream
Hi,
The following vulnerability was published for libexosip2.
CVE-2014-10375[0]:
| handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a
| negative value in a content-length header.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-10375
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10375
[1] http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=2549e421c14aff886629b8482c14af800f411070
Regards,
Salvatore
More information about the Pkg-voip-maintainers
mailing list