-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 14 Apr 2017 16:21:21 -0400 Source: libosip2 Binary: libosip2-dev libosip2-11 Architecture: source Version: 4.1.0-2.1 Distribution: unstable Urgency: medium Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org> Changed-By: Antoine Beaupré <anarcat@debian.org> Description: libosip2-11 - Session Initiation Protocol (SIP) library libosip2-dev - development files for the SIP library Closes: 860287 Changes: libosip2 (4.1.0-2.1) unstable; urgency=medium . * Non-maintainer upload to fix security issues (Closes: #860287) * CVE-2016-10324: In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c. * CVE-2016-10325: In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS. * CVE-2016-10326: In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS. * CVE-2017-7853: In libosip2 in GNU oSIP 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS. Checksums-Sha1: 8f7656a6ea32e059227449d4f18492e6cda61b3b 2054 libosip2_4.1.0-2.1.dsc e88639f111a57580d4821f1a90d43d537e90f5a6 7672 libosip2_4.1.0-2.1.debian.tar.xz Checksums-Sha256: 6cedcf2f341489312905b77d6f9a9b32da0d469a0aadc85006d1a13a4744190d 2054 libosip2_4.1.0-2.1.dsc 418d64e2e27483d5fd96d2aae1b600d11778aa08b3064cd9f636c6838aed1cfa 7672 libosip2_4.1.0-2.1.debian.tar.xz Files: 14b018d9d434926255dc25561753ce9f 2054 comm optional libosip2_4.1.0-2.1.dsc 84620b026df025ee710757eaae930a2b 7672 comm optional libosip2_4.1.0-2.1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJY8mOLAAoJEHkhUlJ7dZIeEhAP/0O+1+qaeWI48RBlNitgOQ9b iITVdfNnpp/USXFUJXcsxCHppsMZPolCMOUCcQitwkl9nLM88+6EiosoPxf2Dh/L LCpThjnKNCMDKR1Q91l0pIXfcSHFk5Cxi2H8rC2FG8qW9Zn5MCJ/I4gLRSJPfvgx IFg9Us89+mzOytmXX1sZPVXf3flhshjzk57BQowYSzFxzyVI0NdxNMVhec7cTfkz NvbghRY5Wl+0FZ80BTDI7pcS/VnLqpVxZA8cvW3h+feTIj6lLprvsX11lOtY2Bg9 MQOTUhns9gCHk1esrVlBSMbidIDzUpBtx0fKV92UtNoV9DmdJ7PaDuau7oOC7otC P9CJuAqodV9ksE7SKROXK7gDrJdbt5/NJ9bLaAkqFfOmJL6CMR/qrOJSrGrGllfT 9Cw5dBs2d1q3Ge4cxyQ+u830GPe4XhYm4b/Knu1NQ0XpEMnTwIxL832mwf+RmiPx JdOSMceyELLuXUh1hPgL+GLMQACAY69y1x2wxbbylraHD4mjx4mLszPlqgM66roe lD/MRBbQsdjbfCMe0xhMmCufKDap/DlWW8XCC3B+4zwNnNIqiboRahbjSJIn/y/i nP3ZuTCGfb6AuQw7tXBgzxa7rpHY9egY9AgvAkM6exBZN1qYuhBMFgaRL/d4HLG/ w5hiER/cOye3Mm2BOE2t =uHdh -----END PGP SIGNATURE-----
