Accepted coturn 4.5.0.5-1+deb9u2 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 26 Jun 2020 13:49:31 +0200
Source: coturn
Architecture: source
Version: 4.5.0.5-1+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 951876
Changes:
coturn (4.5.0.5-1+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* specially crafted HTTP POST request can lead to heap overflow which can
result in information leak (CVE-2020-6061) (Closes: #951876)
* specially crafted HTTP POST request can lead to server crash and denial of
service (CVE-2020-6062) (Closes: #951876)
* init with zero any new or reused stun buffers (CVE-2020-4067)
Checksums-Sha1:
9553d1eb253504965b95a34cf394a219d50e8812 2313 coturn_4.5.0.5-1+deb9u2.dsc
068e8caaaf25e7473d05ce699fc1c59762d3c9b5 12276 coturn_4.5.0.5-1+deb9u2.debian.tar.xz
Checksums-Sha256:
019515775e683ef3e50bbc278c9205b9c23b1016472a562e890f49431e3e8525 2313 coturn_4.5.0.5-1+deb9u2.dsc
601982e3375806ab777767a126d4ba902a52e40e6e902e3f3c301189824afc30 12276 coturn_4.5.0.5-1+deb9u2.debian.tar.xz
Files:
9347546755e1ad4376e68ab1ac3460f4 2313 net extra coturn_4.5.0.5-1+deb9u2.dsc
377596383c02c0c36a90d56fe5c0f3a7 12276 net extra coturn_4.5.0.5-1+deb9u2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl7140dfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E6g0P/R5o7W/aUEJcf9hmqb6j4DcEIKXxyBot
IK4Zu2Hqe5Q91MT5UIAbnk9eZOUA9N4/4CC+5fSEDIj5eU4bs1mFDFwpXqIDv8MJ
HVWTyAyIOgSya2auxDdmtkynGGcF4RM87nOLklr2jgI17i5vfZpwBKnl0+CMzf/n
tTCZuvh4omAwqv8uz2riYORb+h4QsXs8Zjk0eI+ae3bQUaKS0FEkFsJTxQkwA4ZI
O2mXlXWmjFDLfxN67m6LzbfD6EYFRL/lGu9qrtWOH520jI6FeLI8115RgPdHV+1v
6GQnHuUlsb98aMQ4P9ekYT9KQluZ4zc0MY2UWmli4lZhmdj3MPm8jYum/ZxwSPnk
gPf89qUahvPlB4D5jfr1BfZdHTIupNvjdUQFUoz22sOqeDmJvVxyQrLcztawBqpy
QOCggl4chu1ia28dS/vz6A32z1+8oawsdMp1caUr/I60A/fcWb/OLkgki2JCEoZ4
p/cEWdELraRp9XXaSy6ApEVJfEakScvub05X3/JuReu+bKwSIweB9MJYrI0d40Dh
jsCj7XNBNKQIbzidUEVWFUV+nzXZI+6ybQdAjBU2krae4pWhUeTxVXeyUxucdzin
tUC4ZOKcC0jMhqxbnC0x4gBsHDNlz8NhVcz9qljsMUBtCIIQeJbFs3oqcBzx8ARg
F3Aj2RwvvtUM
=Qxh5
-----END PGP SIGNATURE-----