Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1e2886bc by Roberto C. Sánchez at 2024-09-14T18:03:57-04:00 Update information for CVE-2021-37706/ring This was actually fixed in 20230206.0~ds1-1, as shown by debian/changelog. This can further be confirmed by looking at the state of the file in question (stun_msg.c) when the immediately preceding upstream version 20230130.0~ds1 was imported (but which was not released as a Debian package, since 20230206.0~ds1 followed shortly after) and comparing to the patch of the upstream commit identified as the superseding fix (4cea72a4db91c6f0a0984b82edf2f147eda289aa). The changes in that commit are clearly present in stun_msg.c as it existed when 20230206.0~ds1-1 was released as a Debian package. Link: https://salsa.debian.org/pkg-voip-team/jami/-/blob/upstream/20230206.0_ds1/daemon/contrib/tarballs-unpacked/pjproject-3b78ef1c48732d238ba284cdccb04dc6de79c54f.tar.gz/pjproject-3b78ef1c48732d238ba284cdccb04dc6de79c54f/pjnath/src/pjnath/stun_msg.c?ref_type=tags&blame=0 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -242357,7 +242357,7 @@ CVE-2021-37706 (PJSIP is a free and open source multimedia communication library - asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1 [stretch] - asterisk <not-affected> (Vulnerable code not present) - pjproject <removed> - - ring 20230922.0~ds1-1 (bug #1014998; bug #1057379) + - ring 20230206.0~ds1-1 (bug #1014998; bug #1057379) NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29945 NOTE: https://downloads.asterisk.org/pub/security/AST-2022-004.html NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e2886bc2b690240c3e2d2434d3f5dd0f9de9b9f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e2886bc2b690240c3e2d2434d3f5dd0f9de9b9f You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
