Back to libosip2 PTS page

Accepted libosip2 4.1.0-2.1 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted libosip2 4.1.0-2.1 (source) into unstable
From: Antoine Beaupré <anarcat@debian.org>
Date: Sat, 15 Apr 2017 18:33:46 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1czSW2-00033T-2V@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 14 Apr 2017 16:21:21 -0400
Source: libosip2
Binary: libosip2-dev libosip2-11
Architecture: source
Version: 4.1.0-2.1
Distribution: unstable
Urgency: medium
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Antoine Beaupré <anarcat@debian.org>
Description:
 libosip2-11 - Session Initiation Protocol (SIP) library
 libosip2-dev - development files for the SIP library
Closes: 860287
Changes:
 libosip2 (4.1.0-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload to fix security issues (Closes: #860287)
   * CVE-2016-10324: In libosip2 in GNU oSIP 4.1.0, a malformed SIP message
     can lead to a heap buffer overflow in the osip_clrncpy() function
     defined in osipparser2/osip_port.c.
   * CVE-2016-10325: In libosip2 in GNU oSIP 4.1.0, a malformed SIP message
     can lead to a heap buffer overflow in the _osip_message_to_str()
     function defined in osipparser2/osip_message_to_str.c, resulting in a
     remote DoS.
   * CVE-2016-10326: In libosip2 in GNU oSIP 4.1.0, a malformed SIP message
     can lead to a heap buffer overflow in the osip_body_to_str() function
     defined in osipparser2/osip_body.c, resulting in a remote DoS.
   * CVE-2017-7853: In libosip2 in GNU oSIP 5.0.0, a malformed SIP message
     can lead to a heap buffer overflow in the msg_osip_body_parse()
     function defined in osipparser2/osip_message_parse.c, resulting in a
     remote DoS.
Checksums-Sha1:
 8f7656a6ea32e059227449d4f18492e6cda61b3b 2054 libosip2_4.1.0-2.1.dsc
 e88639f111a57580d4821f1a90d43d537e90f5a6 7672 libosip2_4.1.0-2.1.debian.tar.xz
Checksums-Sha256:
 6cedcf2f341489312905b77d6f9a9b32da0d469a0aadc85006d1a13a4744190d 2054 libosip2_4.1.0-2.1.dsc
 418d64e2e27483d5fd96d2aae1b600d11778aa08b3064cd9f636c6838aed1cfa 7672 libosip2_4.1.0-2.1.debian.tar.xz
Files:
 14b018d9d434926255dc25561753ce9f 2054 comm optional libosip2_4.1.0-2.1.dsc
 84620b026df025ee710757eaae930a2b 7672 comm optional libosip2_4.1.0-2.1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJY8mOLAAoJEHkhUlJ7dZIeEhAP/0O+1+qaeWI48RBlNitgOQ9b
iITVdfNnpp/USXFUJXcsxCHppsMZPolCMOUCcQitwkl9nLM88+6EiosoPxf2Dh/L
LCpThjnKNCMDKR1Q91l0pIXfcSHFk5Cxi2H8rC2FG8qW9Zn5MCJ/I4gLRSJPfvgx
IFg9Us89+mzOytmXX1sZPVXf3flhshjzk57BQowYSzFxzyVI0NdxNMVhec7cTfkz
NvbghRY5Wl+0FZ80BTDI7pcS/VnLqpVxZA8cvW3h+feTIj6lLprvsX11lOtY2Bg9
MQOTUhns9gCHk1esrVlBSMbidIDzUpBtx0fKV92UtNoV9DmdJ7PaDuau7oOC7otC
P9CJuAqodV9ksE7SKROXK7gDrJdbt5/NJ9bLaAkqFfOmJL6CMR/qrOJSrGrGllfT
9Cw5dBs2d1q3Ge4cxyQ+u830GPe4XhYm4b/Knu1NQ0XpEMnTwIxL832mwf+RmiPx
JdOSMceyELLuXUh1hPgL+GLMQACAY69y1x2wxbbylraHD4mjx4mLszPlqgM66roe
lD/MRBbQsdjbfCMe0xhMmCufKDap/DlWW8XCC3B+4zwNnNIqiboRahbjSJIn/y/i
nP3ZuTCGfb6AuQw7tXBgzxa7rpHY9egY9AgvAkM6exBZN1qYuhBMFgaRL/d4HLG/
w5hiER/cOye3Mm2BOE2t
=uHdh
-----END PGP SIGNATURE-----