-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 28 Jan 2019 13:16:57 +0100 Source: coturn Architecture: source Version: 4.5.1.0-1 Distribution: unstable Urgency: medium Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org> Changed-By: Mészáros Mihály <misi@majd.eu> Changes: coturn (4.5.1.0-1) unstable; urgency=medium . * Sync to upstream 4.5.1.0 - Fix CVE-2018-4058: coTURN unsafe loopback forwarding default configuration vulnerability - by default loopback disabled - no-loopback option removed! - allow-loopback-peers option added - Fix CVE-2018-4056: coTURN Administrator Web Portal SQL injection vulnerability - Web admin disabled by default - Web admin could listen on separated IP and port - web-admin-ip option added - web-admin-port option added - Web admin is disabled on STUN/TURN ports. - web-admin-listen-on-workers option added to enable web-admin STUN/TURN ports - Fix CVE-2018-4059: coTURN server unsafe telnet admin portal default configuration vulnerability - An empty cli-password with an allow-loopback-peers option is prohibited. - fix memory leak in read_config_file Checksums-Sha1: 54c70cedf3314219b868037080954917d1cfd13a 2196 coturn_4.5.1.0-1.dsc 6bebf3ba1b0f4370fae9045e190ef401074b095b 410893 coturn_4.5.1.0.orig.tar.gz f672a054bc2bcf20ef3cdda68e0d01650a134dec 10556 coturn_4.5.1.0-1.debian.tar.xz 43afdf3a37406e76b406ac29638f30861fd0427c 7366 coturn_4.5.1.0-1_amd64.buildinfo Checksums-Sha256: e4e7a29619c089f754b7d9f2fec668837b6695e8bbc8504f435e3d831f645d82 2196 coturn_4.5.1.0-1.dsc b84581a46dd40ad674f2905d680e9d0be9743fbbc001198dd498a584fd2fbd15 410893 coturn_4.5.1.0.orig.tar.gz 8e6486316d8eaeb643c64e56d02855a699097137af6ed28229af9cf042113159 10556 coturn_4.5.1.0-1.debian.tar.xz bda501685725c9e3387680ad3d96acb6628746a3d622157cdcbf876eb35b9ebe 7366 coturn_4.5.1.0-1_amd64.buildinfo Files: 2f25a440e687d993283b03d2dd7d91cd 2196 net optional coturn_4.5.1.0-1.dsc cbb7f1f69845f7f46ba4a131d030aea6 410893 net optional coturn_4.5.1.0.orig.tar.gz 585ae0ae942c4503b9e725ebc4e2b066 10556 net optional coturn_4.5.1.0-1.debian.tar.xz 452a02473216a84ac414c8a176060def 7366 net optional coturn_4.5.1.0-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEwddEx0RNIUL7eugtOsj3Fkd+2yMFAlxO+HYACgkQOsj3Fkd+ 2yOasxAAqJE74EKgSUJZCvnKHFETxi4wed7PH2X44qeRr/HNM0NR4eJGUDmp+DaR GZpf2QFkoq2t0gtw5R/o/UNUTjZGfZsGIysH4rQLRB6zMmFwTBrLo1uwva45swHN cS7Tek1UAAR5Mh4ejOwX6Brm/BvunU0OLFLpbkc3S+tm/+TLH9h1jb0z2JxUi1ut 7Cj5Y7DSzN9MKI7QLPx8uPebv1ZaNP5lmWMhBSuHHDyVlm17Eta1M39WaG07dL/H 9ZMH04kRcD//BPKZbqZMW6OswJ8VLcB+fWuCTbBrI89iLQ0hkneAEuhvBxe/ACIX 8AHzb0TLlmnp6+uqExpjMG6/kd3FgGHEM6aLCNjsZ6lhv4ditr/HdphRifAVwVCq oBIYD6ELYhrYqUT/ClcVfBDSNjAKoMNi6IxlCm4rqoRo2mWHGrnl4RwUsccrQusG FL11q/vaTLvfTSZE4Iii+awYAQmT2PQRwsbY8FC34dPdf+tjTlxsPMt3eaVuy8v9 nSrwSaYeV709wbl/X6wj7nzABixeGAJWdOQfnbgmObZQ2LeBhWfuBI0GlFTgLjJD BQDviw2cxzIAu3dgOwS0SPBwqIoOHtRSRgoeBMjF5hhbu4ghB4SzBO34zKikaS6D zXKujP1SDkunkITR8xe+YgUgypHsq1RPh+lozzB7dzqjZuu0v4w= =NQL0 -----END PGP SIGNATURE-----