[ubuntu/disco-proposed] coturn (Accepted)

Steve Langasek steve.langasek at canonical.com
Fri Feb 1 01:36:08 UTC 2019

coturn ( unstable; urgency=medium

  * Sync to upstream
    - Fix CVE-2018-4058: coTURN unsafe loopback forwarding
      default configuration vulnerability
      - by default loopback disabled
      - no-loopback option removed!
      - allow-loopback-peers option added
    - Fix CVE-2018-4056: coTURN Administrator Web Portal
      SQL injection vulnerability
      - Web admin disabled by default
      - Web admin could listen on a separate IP and port
      - web-admin-ip option added
      - web-admin-port option added
      - Web admin is disabled on STUN/TURN ports.
      - web-admin-listen-on-workers option added
        to enable web-admin on STUN/TURN ports
    - Fix CVE-2018-4059: coTURN server unsafe telnet admin
      portal default configuration vulnerability
      - An empty cli-password with an allow-loopback-peers option is prohibited.
    - fix memory leak in read_config_file

Date: 2019-01-28 16:30:21.526242+00:00
Changed-By: Debian VoIP Team <pkg-voip-maintainers at lists.alioth.debian.org>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.
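
Added example, not part of the original announcement or of coturn itself: a small audit of a turnserver.conf against the option changes listed in this changelog. It assumes the usual "key=value" or bare-flag syntax with "#" comment lines, and treats a missing cli-password the same as an empty one; the function names and the sample file are constructed for illustration.

```python
# Audit a coturn configuration for the settings this changelog touches.
# Assumptions: "key=value" / bare-flag lines, "#" starts a comment line,
# and an absent cli-password counts as empty.

SAMPLE_CONF = """\
# constructed sample, not a real deployment
listening-port=3478
no-loopback
allow-loopback-peers
cli-password=
web-admin-port=8080
web-admin-listen-on-workers
"""


def parse_conf(text):
    """Return {option: value}; bare flags map to an empty string."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        opts[key.strip()] = value.strip().strip('"')
    return opts


def audit(text):
    """Return a list of findings tied to the CVE fixes named in the changelog."""
    opts = parse_conf(text)
    findings = []
    if "no-loopback" in opts:
        findings.append("no-loopback: option removed; loopback is disabled by default")
    if "allow-loopback-peers" in opts:
        findings.append("allow-loopback-peers: re-enables loopback forwarding (CVE-2018-4058)")
        if not opts.get("cli-password"):
            findings.append("cli-password: empty with allow-loopback-peers is prohibited (CVE-2018-4059)")
    if "web-admin-listen-on-workers" in opts:
        findings.append("web-admin-listen-on-workers: web admin reachable on STUN/TURN ports (CVE-2018-4056)")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("WARN", finding)
```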