-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 16 Apr 2017 19:03:02 +0200
Source: libosip2
Binary: libosip2-dev libosip2-7
Architecture: source amd64
Version: 3.6.0-4+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 libosip2-7 - Session Initiation Protocol (SIP) library
 libosip2-dev - development files for the SIP library
Changes:
 libosip2 (3.6.0-4+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Wheezy LTS Team.
   * CVE-2016-10324
     In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a
     heap buffer overflow in the osip_clrncpy() function defined in
     osipparser2/osip_port.c.
   * CVE-2016-10325
     In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a
     heap buffer overflow in the _osip_message_to_str() function defined in
     osipparser2/osip_message_to_str.c, resulting in a remote DoS.
   * CVE-2016-10326
     In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a
     heap buffer overflow in the osip_body_to_str() function defined in
     osipparser2/osip_body.c, resulting in a remote DoS.
   * CVE-2017-7853
     In libosip2 in GNU oSIP 5.0.0, a malformed SIP message can lead to a
     heap buffer overflow in the msg_osip_body_parse() function defined in
     osipparser2/osip_message_parse.c, resulting in a remote DoS.
Files:
 2222 comm optional libosip2_3.6.0-4+deb7u1.dsc
 598496 comm optional libosip2_3.6.0.orig.tar.gz
 8939 comm optional libosip2_3.6.0-4+deb7u1.debian.tar.gz
 154140 libdevel optional libosip2-dev_3.6.0-4+deb7u1_amd64.deb
 104944 libs optional libosip2-7_3.6.0-4+deb7u1_amd64.deb