Bug#1057379: ring: please apply patch to fix CVE-2021-37706
Gianfranco Costamagna
locutusofborg at debian.org
Mon Dec 4 09:31:26 GMT 2023
Package: ring
Version: 20230922.0~ds2-1
Severity: important
Tags: patch
Dear Maintainer,
In Ubuntu, the attached patch was applied to achieve the following:
* SECURITY UPDATE: Remote Code Execution
- debian/patches/CVE-2021-37706.patch: fixed a RCE in PJSIP module
- CVE-2021-37706
Thanks for considering the patch.
*** /tmp/tmpqqf2a9ke/ring_20230922.0~ds2-1ubuntu1.debdiff
diff -Nru ring-20230922.0~ds2/debian/patches/CVE-2021-37706.patch ring-20230922.0~ds2/debian/patches/CVE-2021-37706.patch
--- ring-20230922.0~ds2/debian/patches/CVE-2021-37706.patch 1970-01-01 01:00:00.000000000 +0100
+++ ring-20230922.0~ds2/debian/patches/CVE-2021-37706.patch 2023-12-04 10:22:49.000000000 +0100
@@ -0,0 +1,20 @@
+commit 15663e3f37091069b8c98a7fce680dc04bc8e865
+Author: sauwming <ming at teluu.com>
+Date: Tue Aug 10 11:53:25 2021 +0800
+
+ Merge pull request from GHSA-2qpg-f6wf-w984
+
+Index: ./daemon/contrib/tarballs-unpacked/pjproject-97f45c2040c2b0cf6f3349a365b0e900a2267333.tar.gz/pjproject-97f45c2040c2b0cf6f3349a365b0e900a2267333/pjnath/src/pjnath/stun_msg.c
+===================================================================
+--- ring-20190215.1.f152c98~ds1.orig/daemon/contrib/tarballs-unpacked/pjproject-2.8.tar.gz/pjproject-2.8/pjnath/src/pjnath/stun_msg.c 2023-04-16 11:27:08.746997850 +0200
++++ ./daemon/contrib/tarballs-unpacked/pjproject-97f45c2040c2b0cf6f3349a365b0e900a2267333.tar.gz/pjproject-97f45c2040c2b0cf6f3349a365b0e900a2267333/pjnath/src/pjnath/stun_msg.c 2023-04-16 11:27:08.746997850 +0200
+@@ -1767,6 +1767,9 @@
+ /* Get pointer to the string in the message */
+ value.ptr = ((char*)buf + ATTR_HDR_LEN + 4);
+ value.slen = attr->hdr.length - 4;
++ /* Make sure the length is never negative */
++ if (value.slen < 0)
++ value.slen = 0;
+
+ /* Copy the string to the attribute */
+ pj_strdup(pool, &attr->reason, &value);
diff -Nru ring-20230922.0~ds2/debian/patches/series ring-20230922.0~ds2/debian/patches/series
--- ring-20230922.0~ds2/debian/patches/series 2023-10-21 19:04:56.000000000 +0200
+++ ring-20230922.0~ds2/debian/patches/series 2023-12-04 10:20:40.000000000 +0100
@@ -3,3 +3,4 @@
2000-jsoncpp-rename.patch
2010-dont-force-build-pkgs.patch
2020-system-md4c-tidy.patch
+CVE-2021-37706.patch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-voip-maintainers/attachments/20231204/9b39fc2b/attachment.sig>
More information about the Pkg-voip-maintainers
mailing list