-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 28 Aug 2023 23:03:02 +0200
Source: ring
Architecture: source
Version: 20190215.1.f152c98~ds1-1+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Changes:
 ring (20190215.1.f152c98~ds1-1+deb10u2) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2021-37706
     The header length of an incoming STUN message, containing an ERROR-CODE
     attribute, must not be negative.
   * CVE-2021-43299 CVE-2021-43300 CVE-2021-43301 CVE-2021-43302 CVE-2021-43303
     The length of an attacker-controlled filename needs to be checked.
   * CVE-2021-43804
     Check declared length of incoming RTCP BYE message with actual received
     packet size.
   * CVE-2021-43845
     Check length of data field in incoming RTCP XR message with actual
     received packet size.
   * CVE-2022-21722
     incoming RTP/RTCP packets might cause out-of-bound read access
   * CVE-2022-21723
     an incoming SIP message that contains a malformed multipart might cause
     out-of-bound read access
   * CVE-2022-23537
     A buffer overread might be possible when parsing a crafted STUN message
     with unknown attribute
   * CVE-2022-23608
     A buffer overread might be possible when parsing a crafted STUN message
     with unknown attribute
   * CVE-2022-24754
     stack-buffer overflow vulnerability which only impacts PJSIP users who
     accept hashed digest credentials (credentials with data_type
     `PJSIP_CRED_DATA_DIGEST`).
   * CVE-2022-24763
     denial-of-service vulnerability when using PJSIP's XML parsing
   * CVE-2022-24764
     stack buffer overflow vulnerability in pjmedia_sdp_print() and
     pjmedia_sdp_media_print()
   * CVE-2022-24793
     buffer overflow vulnerability affects applications that use PJSIP DNS
     resolution. This vulnerability is related to CVE-2023-27585 but appears
     in a different function. parse_rr() <-> parse_query()
   * CVE-2022-31031
     a stack buffer overflow vulnerability affects applications that use STUN
   * CVE-2022-39244
     buffer overflow vulnerability in the PJSIP parser, PJMEDIA RTP decoder,
     and PJMEDIA SDP parser
   * CVE-2023-27585
     buffer overflow vulnerability affects applications that use PJSIP DNS
     resolution. This vulnerability is related to CVE-2022-24793 but appears
     in a different function. parse_query() <-> parse_rr()
   * CVE-2022-23547
     Possible buffer overread when parsing a certain STUN message
     This issue is similar to CVE-2022-23537
Checksums-Sha1:
 218f3e50630768e8dc5ad6942071cfbe22e29baf 3234 ring_20190215.1.f152c98~ds1-1+deb10u2.dsc
 e1d1fb1f7e421c595a9e6d31132af71c5c0f7ba7 10868790 ring_20190215.1.f152c98~ds1.orig.tar.gz
 964e2510dbb62395df4511862afc296d12042873 23960 ring_20190215.1.f152c98~ds1-1+deb10u2.debian.tar.xz
 5a69984d0071482e6480d54e13756ed26a4cae60 26793 ring_20190215.1.f152c98~ds1-1+deb10u2_amd64.buildinfo
Checksums-Sha256:
 5765104797bfa809f2a61be330b761502102a900a84c67678d551f21649674b9 3234 ring_20190215.1.f152c98~ds1-1+deb10u2.dsc
 dc4ec5d29f1d9abcfccc38dfd1a86b2edf08671030dd39640b94bf3765f4458a 10868790 ring_20190215.1.f152c98~ds1.orig.tar.gz
 3a595737220764a17314fd6beab201a1ec39659bd853d1ccbe5001d1128145de 23960 ring_20190215.1.f152c98~ds1-1+deb10u2.debian.tar.xz
 4e26317ea443adc485df5ea0025aae4b18f7d8e3f02078fff294901c46c3e985 26793 ring_20190215.1.f152c98~ds1-1+deb10u2_amd64.buildinfo
Files:
 39dafa07f95a8daa71caa46217bc5f52 3234 comm optional ring_20190215.1.f152c98~ds1-1+deb10u2.dsc
 af8a171898225686d0bce55480486069 10868790 comm optional ring_20190215.1.f152c98~ds1.orig.tar.gz
 e8ff8760d761613d60823f22cd6f4dd7 23960 comm optional ring_20190215.1.f152c98~ds1-1+deb10u2.debian.tar.xz
 ebbd2f7113606d85b45f7f62a51e3c0f 26793 comm optional ring_20190215.1.f152c98~ds1-1+deb10u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmTuJvdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR4eZD/96ywOYihOFijYKyewFdtrSr1jFE6N3
1LeTQ+Z11NR27g/CnRLT6B0WDKPW/vN4X+grP1n8C4e6I98I78qMCF0IgSXbAPDj
ZhB1g2FEXJziBJzsh9ohOJULxYoiRHU39uhGQCzpVS4J8kT7DcmFxY4BRnCR4xZn
TWx5c15+PYAaELsn85mrtRCJiaG4u7urEbHfPR1Tr2xhjkIhT3Cot3+VDZZOxWba
Kwe8tgpq5KvI17ydmMkfAlc8d38hrMx2ANoGnPVIOmRg+ohmChKSB3khNPJIFiCT
drSXAWlZ9ARGTWfe6O+kTZIsqPHvKW1B5QyYvbeKEUl5DBeVj38Vy4VRPpOIWXPx
aYLLSke7Ghl8bqtu7tbshxDzebCfRATcCpSg6+5Is+PZ1qLA2mCpfu8ehjj1Ojt2
zSZ2Slj+TZKt7Pf3Z86lOaeiNONOjhnu/OHX4dQYkFZIqWo45vlgTwSVQ2o07ZYq
vPuJb5GiIBxuXA58ybPZdrUnGhpIIt3x0dtB5BXhl6OlTdWqdv1zMevI6g1wQCh5
n4st1XSetRfPp8Jvq5NamfQU4PHgBezjKrgVrGVvB2DL1jEYi2t89MeJMDJ2YysU
lqU5o0iDMPU/PI+tO3ArayzsgOdS2y5XNcgTRMZ/tti+fGxBx7IbRLYv8pMu6Cm0
hbXL1/dmjBCaxQ==
=pmHt
-----END PGP SIGNATURE-----
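Appended example, outside the signed .changes file above and not pjproject's or Debian's code: the changelog entries for CVE-2021-43804 and CVE-2021-43845 describe the same class of fix, comparing the length an RTCP packet declares in its header against the number of bytes actually received before any field is read. The parser below shows that check for RTCP BYE (RFC 3550) and XR (RFC 3611) packets. The function names (rtcp_parse_hdr, rtcp_bye_reason, rtcp_xr_block_count) and the sample packets are this example's own constructions, not identifiers from the patched library.

```c
/* Added example (not pjproject's or Debian's code): declared-length checks for
 * incoming RTCP BYE and XR packets, the class of fix the changelog names for
 * CVE-2021-43804 and CVE-2021-43845. Layouts follow RFC 3550 (BYE) and
 * RFC 3611 (XR); function names and sample packets are this example's own. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RTCP_BYE 203
#define RTCP_XR  207

/* Common 4-octet RTCP header; len_bytes is the declared size, (length+1)*4. */
typedef struct { unsigned version, count, pt; size_t len_bytes; } rtcp_hdr;

/* Parse the common header and reject a declared length larger than the bytes
 * actually received; every later offset is bounded by len_bytes. */
static int rtcp_parse_hdr(const uint8_t *buf, size_t avail, rtcp_hdr *h)
{
    if (avail < 4) return -1;                 /* not even a full header */
    h->version   = buf[0] >> 6;
    h->count     = buf[0] & 0x1f;             /* SC for BYE, reserved for XR */
    h->pt        = buf[1];
    h->len_bytes = ((size_t)(((unsigned)buf[2] << 8) | buf[3]) + 1) * 4;
    if (h->version != 2 || h->len_bytes > avail)
        return -1;                            /* declared > received: drop it */
    return 0;
}

/* BYE: header, `count` SSRCs, optional reason (1-octet length + text).
 * Returns the reason length (0 if absent) or -1 if malformed; when out/cap
 * are given the reason is copied there NUL-terminated. */
int rtcp_bye_reason(const uint8_t *buf, size_t avail, char *out, size_t cap)
{
    rtcp_hdr h;
    if (rtcp_parse_hdr(buf, avail, &h) != 0 || h.pt != RTCP_BYE)
        return -1;
    size_t off = 4 + (size_t)h.count * 4;     /* skip the SSRC list */
    if (off > h.len_bytes)
        return -1;                            /* SC claims SSRCs that don't fit */
    if (off == h.len_bytes) {                 /* no reason field present */
        if (out && cap) out[0] = '\0';
        return 0;
    }
    size_t rlen = buf[off];
    if (off + 1 + rlen > h.len_bytes)
        return -1;                            /* reason text overruns packet */
    if (out && cap) {                         /* copy, truncating to cap-1 */
        size_t n = rlen < cap - 1 ? rlen : cap - 1;
        memcpy(out, buf + off + 1, n); out[n] = '\0';
    }
    return (int)rlen;
}

/* XR: header, SSRC, then report blocks (BT, type-specific, length in 32-bit
 * words excluding the 4-octet block header, data). Returns the block count,
 * or -1 if any block's declared length overruns the packet. */
int rtcp_xr_block_count(const uint8_t *buf, size_t avail)
{
    rtcp_hdr h;
    if (rtcp_parse_hdr(buf, avail, &h) != 0 || h.pt != RTCP_XR)
        return -1;
    if (h.len_bytes < 8)
        return -1;                            /* missing the SSRC field */
    int blocks = 0;
    for (size_t off = 8; off < h.len_bytes; blocks++) {
        if (h.len_bytes - off < 4)
            return -1;                        /* truncated block header */
        size_t blen = (size_t)(((unsigned)buf[off + 2] << 8) | buf[off + 3]) * 4;
        if (blen > h.len_bytes - off - 4)
            return -1;                        /* block data overruns packet */
        off += 4 + blen;
    }
    return blocks;
}

/* Constructed sample packets (hand-built for this example, not captured). */
static const uint8_t BYE_OK[] = {             /* V=2 SC=1 PT=203 len=3 (16 B) */
    0x81, 0xCB, 0x00, 0x03, 0x12, 0x34, 0x56, 0x78,
    0x06, 'r', 'e', 'b', 'o', 'o', 't', 0x00 };
static const uint8_t BYE_NO_REASON[] = {      /* len=1 (8 B): header + SSRC only */
    0x81, 0xCB, 0x00, 0x01, 0x12, 0x34, 0x56, 0x78 };
static const uint8_t BYE_TRUNC[] = {          /* header claims 16 B, 8 arrived */
    0x81, 0xCB, 0x00, 0x03, 0x12, 0x34, 0x56, 0x78 };
static const uint8_t XR_OK[] = {              /* V=2 PT=207 len=4 (20 B), one RRT block */
    0x80, 0xCF, 0x00, 0x04, 0xDE, 0xAD, 0xBE, 0xEF,
    0x04, 0x00, 0x00, 0x02, 0xE7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
static const uint8_t XR_BAD_BLOCK[] = {       /* block claims 64 B inside 20 B */
    0x80, 0xCF, 0x00, 0x04, 0xDE, 0xAD, 0xBE, 0xEF,
    0x04, 0x00, 0x00, 0x10, 0xE7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };

int main(void)
{
    char reason[32];
    int n = rtcp_bye_reason(BYE_OK, sizeof BYE_OK, reason, sizeof reason);
    printf("BYE_OK: %d \"%s\"\n", n, n >= 0 ? reason : "");
    printf("BYE_NO_REASON: %d\n", rtcp_bye_reason(BYE_NO_REASON, sizeof BYE_NO_REASON, NULL, 0));
    printf("BYE_TRUNC: %d\n", rtcp_bye_reason(BYE_TRUNC, sizeof BYE_TRUNC, NULL, 0));
    printf("XR_OK: %d\n", rtcp_xr_block_count(XR_OK, sizeof XR_OK));
    printf("XR_BAD_BLOCK: %d\n", rtcp_xr_block_count(XR_BAD_BLOCK, sizeof XR_BAD_BLOCK));
    return 0;
}
```

The single comparison in rtcp_parse_hdr (declared length against bytes received) is what the two changelog entries add; without it a parser that walks the SSRC list, the reason string or the XR block lengths trusts attacker-supplied sizes and reads past the end of the datagram, which is the out-of-bounds read the advisory describes. The inner checks (SSRC count, reason length, per-block length) are then bounded by the already-validated len_bytes rather than by the field values themselves.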