Bug#1021662: libosip2: CVE-2022-41550
Bastian Germann
bage at debian.org
Wed Mar 15 00:09:56 GMT 2023
Control: fixed -1 5.3.0-2.1
I have just uploaded a NMU to fix this. debdiff attached.
-------------- next part --------------
diff -Nru libosip2-5.3.0/debian/changelog libosip2-5.3.0/debian/changelog
--- libosip2-5.3.0/debian/changelog 2022-03-08 23:51:47.000000000 +0100
+++ libosip2-5.3.0/debian/changelog 2023-03-15 01:04:10.000000000 +0100
@@ -1,3 +1,10 @@
+libosip2 (5.3.0-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix CVE-2022-41550.
+
+ -- Bastian Germann <bage at debian.org> Wed, 15 Mar 2023 01:04:10 +0100
+
libosip2 (5.3.0-2) unstable; urgency=medium
* enable testsuite
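Review bot: The new entry's "Fix CVE-2022-41550." line has no "(Closes: #1021662)", so the upload does not reference the bug on its own and the fixed version has to be recorded by hand with the Control: fixed line in the mail. Suggest "* Fix CVE-2022-41550. (Closes: #1021662)" and naming the added file, debian/patches/CVE-2022-41550.patch, in the entry so the changelog shows where the fix lives.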
diff -Nru libosip2-5.3.0/debian/patches/CVE-2022-41550.patch libosip2-5.3.0/debian/patches/CVE-2022-41550.patch
--- libosip2-5.3.0/debian/patches/CVE-2022-41550.patch 1970-01-01 01:00:00.000000000 +0100
+++ libosip2-5.3.0/debian/patches/CVE-2022-41550.patch 2023-03-15 01:04:10.000000000 +0100
@@ -0,0 +1,22 @@
+Origin: upstream, f77f16c832c3c37589c2b749f01b644dc44a55b5
+From: Aymeric Moizard <amoizard at gmail.com>
+Date: Tue, 27 Sep 2022 11:03:15 +0200
+Subject: [bug #63103] https://savannah.gnu.org/bugs/?63103 * in multipart
+ bodies, LWS can't exist
+
+---
+ src/osipparser2/osip_body.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/osipparser2/osip_body.c b/src/osipparser2/osip_body.c
+index 6490e4f..c28b831 100644
+--- a/src/osipparser2/osip_body.c
++++ b/src/osipparser2/osip_body.c
+@@ -237,6 +237,7 @@ static int osip_body_parse_header(osip_body_t *body, const char *start_of_osip_b
+ i = __osip_find_next_crlf(start_of_line, &end_of_line);
+
+ if (i == -2) {
++ return OSIP_SYNTAXERROR;
+ } else if (i != 0)
+ return i; /* error case: no end of body found */
+
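Review bot: The patch header at the top of this hunk gives Origin as a bare commit hash and has no Bug-Debian field, so a reader cannot get from the patch file to the upstream commit or to #1021662 without searching. Suggest putting the upstream commit URL in Origin and adding "Bug-Debian: https://bugs.debian.org/1021662". In the code change itself, the added "return OSIP_SYNTAXERROR;" in the "i == -2" branch has no comment; a short one relating that return value to the LWS case named in the Subject would help, since the existing "no end of body found" comment only describes the other branch.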
diff -Nru libosip2-5.3.0/debian/patches/series libosip2-5.3.0/debian/patches/series
--- libosip2-5.3.0/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ libosip2-5.3.0/debian/patches/series 2023-03-15 01:03:58.000000000 +0100
@@ -0,0 +1 @@
+CVE-2022-41550.patch