Accepted libosip2 3.6.0-4+deb7u1 (source amd64) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 16 Apr 2017 19:03:02 +0200
Source: libosip2
Binary: libosip2-dev libosip2-7
Architecture: source amd64
Version: 3.6.0-4+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
libosip2-7 - Session Initiation Protocol (SIP) library
libosip2-dev - development files for the SIP library
Changes:
libosip2 (3.6.0-4+deb7u1) wheezy-security; urgency=high
.
* Non-maintainer upload by the Wheezy LTS Team.
* CVE-2016-10324
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to
a heap buffer overflow in the osip_clrncpy() function defined in
osipparser2/osip_port.c.
* CVE-2016-10325
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a
heap buffer overflow in the _osip_message_to_str() function defined
in osipparser2/osip_message_to_str.c, resulting in a remote DoS.
* CVE-2016-10326
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to
a heap buffer overflow in the osip_body_to_str() function defined
in osipparser2/osip_body.c, resulting in a remote DoS.
* CVE-2017-7853
In libosip2 in GNU oSIP 5.0.0, a malformed SIP message can lead to a
heap buffer overflow in the msg_osip_body_parse() function defined
in osipparser2/osip_message_parse.c, resulting in a remote DoS.
Checksums-Sha1:
50104ce933e4f95c1258c0860da1b61fd22fd794 2222 libosip2_3.6.0-4+deb7u1.dsc
6d81be8180a46e045fce676d55913433a5e147c8 598496 libosip2_3.6.0.orig.tar.gz
b9bd988ebfb8ea2160ebe840d681ab5036ba83fe 8939 libosip2_3.6.0-4+deb7u1.debian.tar.gz
d810b7f92972e6301989053be12a1670ecf8efa8 154140 libosip2-dev_3.6.0-4+deb7u1_amd64.deb
0f49ddc429c007da879c4a125151c0e8a71500d2 104944 libosip2-7_3.6.0-4+deb7u1_amd64.deb
Checksums-Sha256:
9e6e18b955a973b8008e86dcc1c174920c71c374965674537a72c95b25a93040 2222 libosip2_3.6.0-4+deb7u1.dsc
c9a18b0c760506d150017cdb1fa5c1cefe12b8dcbbf9a7e784eb75af376e96cd 598496 libosip2_3.6.0.orig.tar.gz
08748c8d31d8356a073a9b4f5b4e7ea9bc9a1133750e4c567ccc29ecf1fc22b9 8939 libosip2_3.6.0-4+deb7u1.debian.tar.gz
9f2c14cdf9766406f11479d688f40f82ea7129ab1e4b7d3caf935148e3ad882f 154140 libosip2-dev_3.6.0-4+deb7u1_amd64.deb
1e61393ff7956f520a64e1cc401b508fa70008c7df4bd4690c52e19bade4c558 104944 libosip2-7_3.6.0-4+deb7u1_amd64.deb
Files:
837ade03f8924c50d56acb713e49d5d7 2222 comm optional libosip2_3.6.0-4+deb7u1.dsc
92fd1c1698235a798497887db159c9b3 598496 comm optional libosip2_3.6.0.orig.tar.gz
44ef4b1c03aeba7f7539998f158d69c1 8939 comm optional libosip2_3.6.0-4+deb7u1.debian.tar.gz
ef53d7b315fde370667d4204099496da 154140 libdevel optional libosip2-dev_3.6.0-4+deb7u1_amd64.deb
f15b034d7fea7981caac407762c07c69 104944 libs optional libosip2-7_3.6.0-4+deb7u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAljzr51fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR1PmD/43D0ctwV6WT9hjDOZfxlGdCBT3oGwu
TVubqOX8V5MSoKCunQqO98y3IGvazw0QN4MtAMSAb16pITPLEFTJevGDKjPH78ov
jT+rkumbWvgmBhkQzwYoaz404J+p3IP3oNtXKLcbUCmc+GHL01Gvti+wTQYbwsJD
9wKc28WUkVm5Gc8dfpyahg2nfs9sb4r95C9hkF1kVyPLjiMXTFxoSSgnCBpr37Xu
ZQ6tjLLgXia/oHO7x/le0m4IeTcDVXI4/gzAlMQ2bdQWaiy7W+70g6rVelwg9Fc4
EPEDxoulVPg6QP3/V9vJ/g4wEOJ/k+wd04MND0gD8Itaqjy9rHEjHRHDlEcKDkVU
hq6R1DCoFDODqRqohv0fhb22thTBF4+465U61/9vF5NGyFDq15opyYeZ/EmmCA/P
IrqOAddXVvKpx0YC2V48l2whsPH4VtXuXNTT7szKjGBchhylcWQsdRJTJoiBkXlX
SzidWmTLdEHTQVRpFGGt0a5UNG1bUQl/uEmsIFTGLaViRD4Ly/4kczeE2HEA9NYB
woy/UH0HwnXMGy+2+fC39GJubIyU25y/WmR9qZyjfwRlAHCJKospz+pK56j2msTU
OllwkozAzj8C/O6f0XCHC/rVLxQH0JEUjlx6BVKKhMjJpaozuxiwf5v6hO9yhc0t
m0D7wUQYwZy0Ng==
=qp7+
-----END PGP SIGNATURE-----