Accepted coturn 4.5.1.1-1.1+deb10u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 26 Jun 2020 10:49:56 +0200
Source: coturn
Architecture: source
Version: 4.5.1.1-1.1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 951876
Changes:
coturn (4.5.1.1-1.1+deb10u1) buster-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* specially crafted HTTP POST request can lead to heap overflow which can
result in information leak (CVE-2020-6061) (Closes: #951876)
* specially crafted HTTP POST request can lead to server crash and denial of
service (CVE-2020-6062) (Closes: #951876)
* init with zero any new or reused stun buffers (CVE-2020-4067)
Checksums-Sha1:
82ad757f79403b00b0beb31eda8275e597e128dc 2391 coturn_4.5.1.1-1.1+deb10u1.dsc
6f0554be9347aa085dc98a0babb9716e1463270f 423160 coturn_4.5.1.1.orig.tar.gz
680583e97ae13d80505c0599114cccd9adec4727 12972 coturn_4.5.1.1-1.1+deb10u1.debian.tar.xz
Checksums-Sha256:
b38dac577ebc0b45077d26a5db8713e4767ca735e122f7362c7202b2597310d7 2391 coturn_4.5.1.1-1.1+deb10u1.dsc
e020ce90ea0301213451d37099185ff25d93f97fa0f2b48bf21b2946fc3696a4 423160 coturn_4.5.1.1.orig.tar.gz
2caa64b8429079815d9e49091b9ff95e7f715f521290e3dac235807c4ed23fde 12972 coturn_4.5.1.1-1.1+deb10u1.debian.tar.xz
Files:
21bf6b5aedc4601b72843d95918ca4db 2391 net optional coturn_4.5.1.1-1.1+deb10u1.dsc
379ee380c00c4bc88c27e5fe50b8c8ab 423160 net optional coturn_4.5.1.1.orig.tar.gz
68f50abf7578d0ede3425c4e1e0a9c4a 12972 net optional coturn_4.5.1.1-1.1+deb10u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl713z9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E8mwP/iy40iDAI9jIh8YHPIycsN5sMlHSWezr
HA3HgYMmk4aT0SfenoPtGD7NjbEJNpSRU4AF9LlHQG5li1DaRextJG8D6BnAMxeU
B6g7oNoSv2La+C7r2glaU2CXfLo9ph0cJRsfxyXGonjZnmtvpaOFp7RZdubia4hK
+15B7RrDxv5Z4tD6Y0X5iGs+BoB9kUTpFy60ja9DLlTgZ2tBIzjp09tAuxka+8yU
tuafgo3bAT8bihox0XUURo4/s54R+wKtifSLJ4/oy5d3E8yNHrQ1QkgQN2T2fNkC
9qQiBWSaK7N0Qb5ZAKJ9tIsS8P2x4/eFZuUqrj9+phyYCDcIQT2LSicEM0QEzGwO
rfCukz/Gz97+No+4akf4cemu70mPKOu2xTdR7JW9rz0YBVE8WhfzbnjM3OwH05lf
Y/XJCMYcgUQEDyXbxahh24CTm4++uDpDcyClIVQgII/YqcvFtR7EwveLtRKUMHjt
b4pavjgiJJc7bQVUc5zpfwEcHocvXHfL5j+zgc4PIGUl+EI3mnIpx9PcV9Y46MIW
v740ghmOaMhIEdGLB1EbC/7m/t07Miv9211nihK9hUShemqDPC9fuE07F/k3xYm0
oXOCUHaEZPWDfmo/vEE59GhxKf/vToG+P8SCFnKRunydNYBodpY2JTJQGpK2FPTS
3oVV3EZ1STe9
=+S0J
-----END PGP SIGNATURE-----