-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 31 Jan 2019 09:53:40 +0100 Source: coturn Binary: coturn Architecture: source amd64 Version: 4.2.1.2-1+deb8u1 Distribution: jessie-security Urgency: medium Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org> Changed-By: Emilio Pozuelo Monfort <pochu@debian.org> Description: coturn - TURN and STUN server for VoIP Changes: coturn (4.2.1.2-1+deb8u1) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2018-4056: SQL injection vulnerability in administration portal * CVE-2018-4058: unsafe loopback forwarding in default config * CVE-2018-4059: empty password for the administration interface Checksums-Sha1: 9bd7d73d4727fb70145b186f7dca30ee7d3cf9fe 2113 coturn_4.2.1.2-1+deb8u1.dsc c68aaeda1c1a266c2c3b2e0bf23d68560734d78d 347513 coturn_4.2.1.2.orig.tar.gz 9def0d605d80454b766bef286e73c34003ee3698 9420 coturn_4.2.1.2-1+deb8u1.debian.tar.xz 6d84c1d4c107341bb781713d4ba7e36c373346f6 285034 coturn_4.2.1.2-1+deb8u1_amd64.deb Checksums-Sha256: c26a34aa5e3f0a78e6d0aaab9137768e18e485054e4ca076b5159c1ba051262e 2113 coturn_4.2.1.2-1+deb8u1.dsc 9e4d73dcaceb43bc3948c0ec521226e9c2b87bf6919c07328032fdc0be24d86d 347513 coturn_4.2.1.2.orig.tar.gz 8aada4dbd3472a1929fd22172e8a357b3529d871b2058a9f51730af0dc0aa21c 9420 coturn_4.2.1.2-1+deb8u1.debian.tar.xz 37a07fad6a07c31eb33ea7a09e4c839c0ac59926133a3d7f5c7c0f92eb80b8b1 285034 coturn_4.2.1.2-1+deb8u1_amd64.deb Files: f8ea3e348213df94e19c7ba688632ea1 2113 net extra coturn_4.2.1.2-1+deb8u1.dsc c33e0faa3d581f3114f26b098b04c65a 347513 net extra coturn_4.2.1.2.orig.tar.gz 08a8db1cb78a2709f0a5ca3c47cbb194 9420 net extra coturn_4.2.1.2-1+deb8u1.debian.tar.xz e3f6c35f7c23801c50a061e51c1958ff 285034 net extra coturn_4.2.1.2-1+deb8u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlxhR/kACgkQnUbEiOQ2 gwJxlQ/9F1J5O6gYH4QRQK+VbTHmyNAFiNAEoIczmDl1u/BtvhyKD+nirLVsqjg9 TsNQUwDqCpZ7aRryjGKpaBmqysO5TjVL5AIBGHOswAjWNUPxPQHitKsf1E6W1NPV k48HYtMMSmUtHoQ1RVuU92X1FS0rRcMchy0fc5yTyci+3fvf7UXZfGNEBSIIBe4H jDuJG/6ng9/RnIOK4yhYRxCMMMBkQXjXFbSEeAZebiV5VLSWSTILyGZsPA65tFXN on7NuEcc7bvp2kb1jaHBrxmsaWznTTT75YdFqEdVNz6jrYMfxNumpldiOvN4ilki uV5yrWNTqvpVFw76TGum0Ki+8yyXC8TTv1jj8geWwGTbzBCFMI3HJGGdIO4tCIfV PAugWQFqzA2Aa6Kh8fMNgI/BRSnZ5Vb+O/bgI9GbGMEwcV1h8VBNsnqw/pkOQuIJ xkzx+CSJsa7MzvL84IpZkRqFbKq9wiTG3SOMLrPhsuRXy+4/UK7Gn6K0FjDmAN3l 9OMxZLxOi0vVdEF9gh5ghBBOJ8JCt0BVw+j0pFkO2Jrzz6nxOcCNWx033U4iQDJK 1EnmRVdE4+zdbchJXOzo6ilMAaOaem5O6iNEGW0RA5tWoU0TgGv3DtuCoDlXajq3 4pvd+PLUpZnSeVGbu+CSnYozJ4grSvmV2LbCwaz1IKOcNtTYohE= =SpKf -----END PGP SIGNATURE-----