Bug#989815: marked as done (buster-pu: package ring/20190215.1.f152c98~ds1-1)

Debian Bug Tracking System Sat, 09 Oct 2021 04:20:44 -0700

Your message dated Sat, 09 Oct 2021 12:11:43 +0100
with message-id 
<896b7609401ceb0e1c537222e26587ea2351415d.ca...@adam-barratt.org.uk>
and subject line Closing bugs for fixes included in the 10.11 point release
has caused the Debian Bug report #989815,
regarding buster-pu: package ring/20190215.1.f152c98~ds1-1
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
989815: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989815
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: release.debian.org
Severity: normal
Tags: buster
User: [email protected]
Usertags: pu

Probably a bit late, but Salvatore just suggested to handle this via PUinstead of security upload.


The attached debdiff for ring fixes CVE-2021-21375 in Buster.

The fix has been already uploaded to Stretch some time ago and nobodycomplained up to now.


  Thorsten

PS. In order to avoid delays, I already uploaded the package ...

diff -Nru ring-20190215.1.f152c98~ds1/debian/changelog 
ring-20190215.1.f152c98~ds1/debian/changelog
--- ring-20190215.1.f152c98~ds1/debian/changelog        2019-02-19 
04:46:25.000000000 +0100
+++ ring-20190215.1.f152c98~ds1/debian/changelog        2021-04-22 
19:03:02.000000000 +0200
@@ -1,3 +1,14 @@
+ring (20190215.1.f152c98~ds1-1+deb10u1) buster; urgency=high
+
+  * Non-maintainer upload by the LTS Team.
+  * CVE-2021-21375 (Closes: #986815)
+    The embedded copy of pjproject is affected by this CVE.
+    Due to bad handling of two consecutive crafted answers to an INVITE,
+    the attacker is able to crash the server resulting in a denial of
+    service.
+
+ -- Thorsten Alteholz <[email protected]>  Thu, 22 Apr 2021 19:03:02 +0200
+
 ring (20190215.1.f152c98~ds1-1) unstable; urgency=medium
 
   * New upstream version.
diff -Nru ring-20190215.1.f152c98~ds1/debian/patches/CVE-2021-21375.patch 
ring-20190215.1.f152c98~ds1/debian/patches/CVE-2021-21375.patch
--- ring-20190215.1.f152c98~ds1/debian/patches/CVE-2021-21375.patch     
1970-01-01 01:00:00.000000000 +0100
+++ ring-20190215.1.f152c98~ds1/debian/patches/CVE-2021-21375.patch     
2021-04-22 19:03:02.000000000 +0200
@@ -0,0 +1,33 @@
+Index: 
ring-20190215.1.f152c98~ds1/daemon/contrib/tarballs-unpacked/pjproject-2.8.tar.gz/pjproject-2.8/pjmedia/src/pjmedia/sdp_neg.c
+===================================================================
+--- 
ring-20190215.1.f152c98~ds1.orig/daemon/contrib/tarballs-unpacked/pjproject-2.8.tar.gz/pjproject-2.8/pjmedia/src/pjmedia/sdp_neg.c
 2021-04-25 18:03:13.057447325 +0200
++++ 
ring-20190215.1.f152c98~ds1/daemon/contrib/tarballs-unpacked/pjproject-2.8.tar.gz/pjproject-2.8/pjmedia/src/pjmedia/sdp_neg.c
      2021-04-25 18:03:13.037446913 +0200
+@@ -304,7 +304,6 @@
+ {
+     pjmedia_sdp_session *new_offer;
+     pjmedia_sdp_session *old_offer;
+-    char media_used[PJMEDIA_MAX_SDP_MEDIA];
+     unsigned oi; /* old offer media index */
+     pj_status_t status;
+ 
+@@ -323,8 +322,19 @@
+     /* Change state to STATE_LOCAL_OFFER */
+     neg->state = PJMEDIA_SDP_NEG_STATE_LOCAL_OFFER;
+ 
++    /* When there is no active local SDP in state PJMEDIA_SDP_NEG_STATE_DONE,
++     * it means that the previous initial SDP nego must have been failed,
++     * so we'll just set the local SDP offer here.
++     */
++    if (!neg->active_local_sdp) {
++      neg->initial_sdp_tmp = NULL;
++      neg->initial_sdp = pjmedia_sdp_session_clone(pool, local);
++      neg->neg_local_sdp = pjmedia_sdp_session_clone(pool, local);
++
++      return PJ_SUCCESS;
++    }
++
+     /* Init vars */
+-    pj_bzero(media_used, sizeof(media_used));
+     old_offer = neg->active_local_sdp;
+     new_offer = pjmedia_sdp_session_clone(pool, local);
+ 
diff -Nru ring-20190215.1.f152c98~ds1/debian/patches/series 
ring-20190215.1.f152c98~ds1/debian/patches/series
--- ring-20190215.1.f152c98~ds1/debian/patches/series   2019-02-19 
04:46:25.000000000 +0100
+++ ring-20190215.1.f152c98~ds1/debian/patches/series   2021-04-22 
19:03:02.000000000 +0200
@@ -1,3 +1,5 @@
 dont-build-gnutls.patch
 namedirectory-old-restbed.patch
 jsoncpp-rename.patch
+
+CVE-2021-21375.patch

--- End Message ---

--- Begin Message ---

Package: release.debian.org
Version: 10.11

Hi,

The updates relating to these bugs were included in this morning's
10.11 point release for buster.

Regards,

Adam

--- End Message ---

Bug#989815: marked as done (buster-pu: package ring/20190215.1.f152c98~ds1-1)

Reply via email to