Bug#1016974: sofia-sip: CVE-2022-31001 CVE-2022-31002 CVE-2022-31003
Evangelos Ribeiro Tzaras
devrtz-debian at fortysixandtwo.eu
Sat Aug 13 04:18:23 BST 2022
control -1 tags pending
Hi again,
On Thu, 2022-08-11 at 23:52 +0200, Moritz Muehlenhoff wrote:
> On Thu, Aug 11, 2022 at 11:08:49PM +0200, Evangelos Ribeiro Tzaras wrote:
> >
> > > If you fix the vulnerabilities please also make sure to include the
> > > CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
> >
> > ACK.
> > Is there a specific format needed when referencing the CVE?
>
> Not really, just mention them in debian/changelog :-)
alright, so the patches apply cleanly and
d/changelog mentions the CVEs (and closes this bug).
> In addition we'll keep security-tracker.debian.org updated when the upload
> reaches unstable.
>
> Once the fix is in unstable (and if there are issues reported after a few
> days) we can sort out an update for bullseye-security.
Sounds good to me! I think bullseye-security would be great,
because I'm certain it is also vulnerable
(oldstable potentially too - haven't checked)
--
Cheers,
Evangelos
PGP: B938 6554 B7DD 266B CB8E 29A9 90F0 C9B1 8A6B 4A19
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 878 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/pkg-voip-maintainers/attachments/20220813/f79f2dc9/attachment.sig>
More information about the Pkg-voip-maintainers
mailing list