Bug#1021662: libosip2: CVE-2022-41550

Aymeric Moizard amoizard at gmail.com
Wed Oct 12 19:49:26 BST 2022


Hi,

I made an official version which includes the fix.
http://ftp.gnu.org/gnu/osip/libosip2-5.3.1.tar.gz

Best Regards,
Aymeric

Le mer. 12 oct. 2022 à 17:39, Salvatore Bonaccorso <carnil at debian.org> a
écrit :

> Source: libosip2
> Version: 5.3.0-2
> Severity: important
> Tags: security upstream
> Forwarded: https://savannah.gnu.org/bugs/?63103
> X-Debbugs-Cc: carnil at debian.org, Debian Security Team <
> team at security.debian.org>
>
> Hi,
>
> The following vulnerability was published for libosip2.
>
> CVE-2022-41550[0]:
> | GNU oSIP v5.3.0 was discovered to contain an integer overflow via the
> | component osip_body_parse_header.
>
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2022-41550
>     https://www.cve.org/CVERecord?id=CVE-2022-41550
> [1] https://savannah.gnu.org/bugs/?63103
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
> Salvatore
>
>

-- 
Antisip - http://www.antisip.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-voip-maintainers/attachments/20221012/e168a45b/attachment.htm>


More information about the Pkg-voip-maintainers mailing list