Bug#1036909: unblock: sofia-sip/1.12.11+20110422.1+1e14eea~dfsg-6

Evangelos Ribeiro Tzaras devrtz-debian at fortysixandtwo.eu
Mon May 29 10:52:03 BST 2023 

Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: unblock
X-Debbugs-Cc: sofia-sip at packages.debian.org
Control: affects -1 + src:sofia-sip

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Please unblock package sofia-sip

I was made aware of another CVE in sofia-sips STUN handling
and have made an upload (debdiff attached) to sid.

Thanks in advance.

PS: I was told I can do it until 12:00 CEST :))


unblock sofia-sip/1.12.11+20110422.1+1e14eea~dfsg-6


-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEuThlVLfdJmvLjimpkPDJsYprShkFAmR0dcMACgkQkPDJsYpr
ShmYKw/9Eyjl90pBOM3PRe15EzUhfL1L047bN73goqIuYgfqXOzSBSg/7agi07ux
JmefVPpilU/tTjtA6We+E7uU26ik41WpNeydgznY495Y1ijy0FZXAazJ8iThVNqL
BQWmY0jUITgUhYnpRke+mfQjvhIIibWN22k33aHb37u+WVsao/LYLJw90SseC3zp
mGd1oiFzP8WDMhUpH8RgDaecI8Uw2nygXKVQxGhXFOnXIgSffQvfLVgS95C2h1SF
9nNIUoKeQgcyw9cqwK+xAlQHFGnS72x+oF3sX289hQcXgPdeyxnLGdukUvCBxWgH
GlQ+etTXHzaNeNScCfMJArrSSk2fIxdkR+NcGbGS7nDbKC8ztpYOEeOpM5vR23WK
0gqLeb+VOApwZpE0HdNbXvSHrF1xOs8EyqsTl51lTfRIO++kf3S99Se7tdP1+PQL
8IpQXZQxeL9hcz8EXZMyNZIvVDLcJ8068W6IajD71rapGWSVW+VlPGbCDOpOpJLl
GQiK8+6QQhHmaWOyjzQxxKrjLdsac3JZQn25dinrRIIyBdzrvolPiaoTxFHeBYlQ
YguSjrUf38NOeZj0psL8sQPR+HPG3esGZltN5gqnChIm8k0qYDdPD0Bvmm67mH1J
+L+j3hM8uD84sY0HXRbSlaQBv65e48YtgPJNllzAKW43TWoC7io=
=Lb2h
-----END PGP SIGNATURE-----
-------------- next part --------------
diff -Nru sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/changelog sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/changelog
--- sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/changelog	2023-05-23 05:53:48.000000000 +0200
+++ sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/changelog	2023-05-29 11:36:38.000000000 +0200
@@ -1,3 +1,13 @@
+sofia-sip (1.12.11+20110422.1+1e14eea~dfsg-6) unstable; urgency=medium
+
+  * Add patch to fix reported CVE-2023-32307.
+    For further information see:
+    - CVE-2023-32307[0]
+    [0] https://security-tracker.debian.org/tracker/CVE-2023-32307
+    	https://www.cve.org/CVERecord?id=CVE-2023-32307 (closes: bug#1036847)
+
+ -- Evangelos Ribeiro Tzaras <devrtz-debian at fortysixandtwo.eu>  Mon, 29 May 2023 11:36:38 +0200
+
 sofia-sip (1.12.11+20110422.1+1e14eea~dfsg-5) unstable; urgency=medium
 
   * Add patch to fix reported CVE; add copyright of patch.
diff -Nru sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/patches/0008-stun-add-checks-for-attribute-length-before-read-fro.patch sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/patches/0008-stun-add-checks-for-attribute-length-before-read-fro.patch
--- sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/patches/0008-stun-add-checks-for-attribute-length-before-read-fro.patch	1970-01-01 01:00:00.000000000 +0100
+++ sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/patches/0008-stun-add-checks-for-attribute-length-before-read-fro.patch	2023-05-29 11:31:03.000000000 +0200
@@ -0,0 +1,36 @@
+From: Xu Biang <xubiang at hust.edu.cn>
+Date: Sat, 6 May 2023 05:51:55 +0800
+Subject: stun: add checks for attribute length before read from it
+
+(cherry picked from commit c3bbc50c88d168065de34ca01b9b1d98c1b0e810)
+---
+ libsofia-sip-ua/stun/stun_common.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/libsofia-sip-ua/stun/stun_common.c b/libsofia-sip-ua/stun/stun_common.c
+index 93b53ec..5540d16 100644
+--- a/libsofia-sip-ua/stun/stun_common.c
++++ b/libsofia-sip-ua/stun/stun_common.c
+@@ -250,6 +250,10 @@ int stun_parse_attr_error_code(stun_attr_t *attr, const unsigned char *p, unsign
+   uint32_t tmp;
+   stun_attr_errorcode_t *error;
+ 
++  if (len < 4) {
++    return -1;
++  }
++
+   memcpy(&tmp, p, sizeof(uint32_t));
+   tmp = ntohl(tmp);
+   error = (stun_attr_errorcode_t *) malloc(sizeof(*error));
+@@ -271,6 +275,11 @@ int stun_parse_attr_uint32(stun_attr_t *attr, const unsigned char *p, unsigned l
+ {
+   uint32_t tmp;
+   stun_attr_changerequest_t *cr;
++
++  if (len < 4) {
++    return -1;
++  }
++
+   cr = (stun_attr_changerequest_t *) malloc(sizeof(*cr));
+   memcpy(&tmp, p, sizeof(uint32_t));
+   cr->value = ntohl(tmp);
diff -Nru sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/patches/series sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/patches/series
--- sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/patches/series	2023-05-23 05:53:48.000000000 +0200
+++ sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/patches/series	2023-05-29 11:31:03.000000000 +0200
@@ -5,3 +5,4 @@
 0003-cve-fix-heap-overflow-by-two.patch
 0004-cve-check-stun-message-and-attr-len.patch
 0005-cve-dos-wrong-assert.patch
+0008-stun-add-checks-for-attribute-length-before-read-fro.patch

More information about the Pkg-voip-maintainers mailing list