[ubuntu/kinetic-security] sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-3ubuntu0.1 (Accepted)
David Fernandez Gonzalez
david.fernandezgonzalez at canonical.com
Tue Mar 7 13:02:04 UTC 2023
sofia-sip (1.12.11+20110422.1+1e14eea~dfsg-3ubuntu0.1) kinetic-security; urgency=medium
* SECURITY UPDATE: DoS with crafted UDP package due to assert
- debian/patches/CVE-2022-47516.patch: remove assert that can
reasonably be expected to happen in libsofia-sip-ua/tport/tport.c.
- CVE-2022-47516
* SECURITY UPDATE: heap overflow when handling STUN packages.
- debian/patches/CVE-2023-22741.patch: stun: add checks for STUN
message len and attr len in
libsofia-sip-ua/stun/sofia-sip/stun_common.h and
libsofia-sip-ua/stun/stun_common.c.
- CVE-2023-22741
Date: 2023-03-07 10:54:08.632245+00:00
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
https://launchpad.net/ubuntu/+source/sofia-sip/1.12.11+20110422.1+1e14eea~dfsg-3ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the kinetic-changes
mailing list