Debian Package Tracker

From: Mészáros Mihály <misi@majd.eu>
To:
Subject: Accepted coturn 4.5.0.5-1+deb9u1 (source) into stable->embargoed, stable
Date: Mon, 28 Jan 2019 07:34:05 +0000
Signed by: Yves-Alexis Perez <corsac@corsac.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 21 Jan 2019 09:31:26 +0100
Source: coturn
Binary: coturn
Architecture: source
Version: 4.5.0.5-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Mészáros Mihály <misi@majd.eu>
Description:
 coturn     - TURN and STUN server for VoIP
Changes:
 coturn (4.5.0.5-1+deb9u1) stretch-security; urgency=high
 .
   *  HotFix: for 3 vulnerabilities
 .
     For more details see:
     - CVE-2018-4056
        coTURN Administrator Web Portal SQL injection vulnerability
 .
        Fix: Disable (hardcocded) web admin interface until 4.5.1.0,
        where it will be fixed more correctly.
 .
     - CVE-2018-4058
        coTURN TURN server unsafe loopback forwarding default configuration
        vulnerability
 .
        Fix: Disable loopback-peer functionality by default.
 .
     - CVE-2018-4059
        coTURN server unsafe telnet admin portal default configuration
        vulnerability
 .
        Fix: Disable telnet cli if the cli-password is empty.
Checksums-Sha1:
 0419a2168706bb66d5cd209acee21a904d04a4a5 1813 coturn_4.5.0.5-1+deb9u1.dsc
 30ff3a98d3749c7a2acaa3ca6928a7b625771268 395108 coturn_4.5.0.5.orig.tar.gz
 c2330496c0fe26ac4641091cef497c9936886c17 10644 coturn_4.5.0.5-1+deb9u1.debian.tar.xz
 bb29fd074992e3fb9ee8a3fea69e952753f3c116 7490 coturn_4.5.0.5-1+deb9u1_amd64.buildinfo
Checksums-Sha256:
 8c1cfa777955deac838b9c5c21b25a01d25216e79b6665c5d1d8d774b98321fd 1813 coturn_4.5.0.5-1+deb9u1.dsc
 8484fa6c8d4aab43e1161c02eb8914154a21178b05f8a285e04094ddbb64acf4 395108 coturn_4.5.0.5.orig.tar.gz
 1c540bc7569cb421d39b479798fc48112dc19746ca3fddce2679c535f9f9e526 10644 coturn_4.5.0.5-1+deb9u1.debian.tar.xz
 c69811b9af4cbb6a8ac460f1b66a3b2f666a5f6e4e98277901d1f79ea7c93717 7490 coturn_4.5.0.5-1+deb9u1_amd64.buildinfo
Files:
 23c5a132f3916e72e28c30f30d41d29d 1813 net extra coturn_4.5.0.5-1+deb9u1.dsc
 e92873eef1a92a3d5742afc3860b6ea5 395108 net extra coturn_4.5.0.5.orig.tar.gz
 2dc4a52dfcfc8fb25afa11691310d442 10644 net extra coturn_4.5.0.5-1+deb9u1.debian.tar.xz
 8cc91969e1704ff44a756989c5aefdbd 7490 net extra coturn_4.5.0.5-1+deb9u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlxJ3oEACgkQ3rYcyPpX
RFv6fAf+KVGe0giPdWGngcuDCobpXhmshGP1Xlkpzs55O4t1NWBRdWyztQpR26t/
lHxuBT5uzaQWnVm/v8l0buEB2IJ9fTURm+SH/DAgtehmxRH0GctdrfmYlJijo4pP
LhmsJSyoPnAODIfTGfJUczxhLdjt208f11XWGJvDBF/8Fu/Wgjqw03AjEFdvEYca
MphtTqCoAezze0zCJW+vzFqgoxCeYpIRj9v8zDkE/lKRgx48oftwCO8cNMDJfYFR
T8DFb+o0AR6RTbZOE8Q1p2CB/UwyA1WSK6nheFz6oUxqiIumQ0dsWC9I3yTPT+gt
R1vw8hzO/3o7JwKOCpFF4A+XVHAwbQ==
=Xnkb
-----END PGP SIGNATURE-----
News for package coturn
