Accepted coturn 4.5.0.5-1+deb9u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 21 Jan 2019 09:31:26 +0100
Source: coturn
Binary: coturn
Architecture: source
Version: 4.5.0.5-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Mészáros Mihály <misi@majd.eu>
Description:
coturn - TURN and STUN server for VoIP
Changes:
coturn (4.5.0.5-1+deb9u1) stretch-security; urgency=high
.
* HotFix: for 3 vulnerabilities
.
For more details see:
- CVE-2018-4056
coTURN Administrator Web Portal SQL injection vulnerability
.
Fix: Disable (hardcocded) web admin interface until 4.5.1.0,
where it will be fixed more correctly.
.
- CVE-2018-4058
coTURN TURN server unsafe loopback forwarding default configuration
vulnerability
.
Fix: Disable loopback-peer functionality by default.
.
- CVE-2018-4059
coTURN server unsafe telnet admin portal default configuration
vulnerability
.
Fix: Disable telnet cli if the cli-password is empty.
Checksums-Sha1:
0419a2168706bb66d5cd209acee21a904d04a4a5 1813 coturn_4.5.0.5-1+deb9u1.dsc
30ff3a98d3749c7a2acaa3ca6928a7b625771268 395108 coturn_4.5.0.5.orig.tar.gz
c2330496c0fe26ac4641091cef497c9936886c17 10644 coturn_4.5.0.5-1+deb9u1.debian.tar.xz
bb29fd074992e3fb9ee8a3fea69e952753f3c116 7490 coturn_4.5.0.5-1+deb9u1_amd64.buildinfo
Checksums-Sha256:
8c1cfa777955deac838b9c5c21b25a01d25216e79b6665c5d1d8d774b98321fd 1813 coturn_4.5.0.5-1+deb9u1.dsc
8484fa6c8d4aab43e1161c02eb8914154a21178b05f8a285e04094ddbb64acf4 395108 coturn_4.5.0.5.orig.tar.gz
1c540bc7569cb421d39b479798fc48112dc19746ca3fddce2679c535f9f9e526 10644 coturn_4.5.0.5-1+deb9u1.debian.tar.xz
c69811b9af4cbb6a8ac460f1b66a3b2f666a5f6e4e98277901d1f79ea7c93717 7490 coturn_4.5.0.5-1+deb9u1_amd64.buildinfo
Files:
23c5a132f3916e72e28c30f30d41d29d 1813 net extra coturn_4.5.0.5-1+deb9u1.dsc
e92873eef1a92a3d5742afc3860b6ea5 395108 net extra coturn_4.5.0.5.orig.tar.gz
2dc4a52dfcfc8fb25afa11691310d442 10644 net extra coturn_4.5.0.5-1+deb9u1.debian.tar.xz
8cc91969e1704ff44a756989c5aefdbd 7490 net extra coturn_4.5.0.5-1+deb9u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlxJ3oEACgkQ3rYcyPpX
RFv6fAf+KVGe0giPdWGngcuDCobpXhmshGP1Xlkpzs55O4t1NWBRdWyztQpR26t/
lHxuBT5uzaQWnVm/v8l0buEB2IJ9fTURm+SH/DAgtehmxRH0GctdrfmYlJijo4pP
LhmsJSyoPnAODIfTGfJUczxhLdjt208f11XWGJvDBF/8Fu/Wgjqw03AjEFdvEYca
MphtTqCoAezze0zCJW+vzFqgoxCeYpIRj9v8zDkE/lKRgx48oftwCO8cNMDJfYFR
T8DFb+o0AR6RTbZOE8Q1p2CB/UwyA1WSK6nheFz6oUxqiIumQ0dsWC9I3yTPT+gt
R1vw8hzO/3o7JwKOCpFF4A+XVHAwbQ==
=Xnkb
-----END PGP SIGNATURE-----