-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 03 Apr 2018 10:02:31 +0200 Source: pjproject Binary: libpjlib-util2 libpjmedia-audiodev2 libpjmedia-codec2 libpjmedia-videodev2 libpjmedia2 libpjnath2 libpjsip-simple2 libpjsip-ua2 libpjsip2 libpjsua2 libpjsua2-2v5 libpj2 libpjproject-dev python-pjproject Architecture: source Version: 2.5.5~dfsg-6+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org> Changed-By: Bernhard Schmidt <berni@debian.org> Description: libpj2 - PJ Project - PJProject core libraries libpjlib-util2 - PJ Project - helper utilities libpjmedia-audiodev2 - PJ Project - Audio devices libpjmedia-codec2 - PJ Project - Multimedia codecs handling libpjmedia-videodev2 - SIP handling library - video devices libpjmedia2 - PJ Project - VoIP media libpjnath2 - PJ Project - NAT handling libpjproject-dev - PJ Project - development headers libpjsip-simple2 - PJ Project - SIP SIMPLE instant messaging libpjsip-ua2 - SIP handling library - SIP user agent library libpjsip2 - PJ Project - SIP handling library libpjsua2 - PJ Project - Basic VoIP client library libpjsua2-2v5 - PJ Project - Basic VoIP client library python-pjproject - PJ Project - Python bindings Closes: 881362 Changes: pjproject (2.5.5~dfsg-6+deb9u1) stretch-security; urgency=high . [ Bernhard Schmidt ] * Fix various security issues - CVE-2017-16872: Overflow when parsing numeric fileds in SIP messages - CVE-2017-16875: Double key unregistration in ioqueue component - CVE-2018-1000098: Integer overflow in SDP parsing (also reported by the Asterisk project as AST-2018-002) - CVE-2018-1000099: Null Pointer vulnerability in pjmedia SDP parsing (also reported by the Asterisk project as AST-2018-003) * Fix resolution of DNS SRV targets that do not have an AAAA record (Closes: #881362) Checksums-Sha1: 687cb848cf173982000af75b631f6afd9195b403 3334 pjproject_2.5.5~dfsg-6+deb9u1.dsc d130318466a02e5734b069ed0e343a5d78c06a5c 3506099 pjproject_2.5.5~dfsg.orig.tar.bz2 da937d31afcee01677e25c98325cb57dfa81a73a 51216 pjproject_2.5.5~dfsg-6+deb9u1.debian.tar.xz a5e82a2faf4626ebe4c778c372d035f0576f6698 6092 pjproject_2.5.5~dfsg-6+deb9u1_source.buildinfo Checksums-Sha256: 266b57626d36d1d4d950d8f10783c235fcc48fbd45377f5c5b8aa005dd544d45 3334 pjproject_2.5.5~dfsg-6+deb9u1.dsc 09457ad674083211ae3b6c7e8e44b8ef33b454dc85dbf5674d06e49dc1ea9437 3506099 pjproject_2.5.5~dfsg.orig.tar.bz2 e427789462e5b50db3b1afd433d69caa61fcf4bf85101434af65981cefd09356 51216 pjproject_2.5.5~dfsg-6+deb9u1.debian.tar.xz b9f829f904b3278533a381acd84080dc315ac7d10f8f482b07b6ac0dcc9875cb 6092 pjproject_2.5.5~dfsg-6+deb9u1_source.buildinfo Files: 80f1f2131d0e97d5541257341cd96497 3334 comm optional pjproject_2.5.5~dfsg-6+deb9u1.dsc 7186301d3987908b8b8cc5e84da48153 3506099 comm optional pjproject_2.5.5~dfsg.orig.tar.bz2 25bc2f90d40d26ceefc5d2b3640e3b9a 51216 comm optional pjproject_2.5.5~dfsg-6+deb9u1.debian.tar.xz 479e43af1d5abaf3a8395507b550d3e6 6092 comm optional pjproject_2.5.5~dfsg-6+deb9u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAlrKfY8RHGJlcm5pQGRl Ymlhbi5vcmcACgkQd1B55bhQvJMZHA//UXGo/Lqd71B/VsTSBSUvEuptaXOj9Fqw v7sopbSXbUVy0pKQ3Ka1bA6yyMVvNcfiy8eQzaXGIb/u34ptGLw/0pgguAAT0Gny 8/m4Iltd1CYyj3uuHpBnvsv0IdVqmgbzFzOQhEHYiTopvBN8HC/Ee/SkXr2yaeno whceelhVTLt5NVFdkajoZhjYY5f4+VBJWXEDcqiN9LLTTI6PMv9wxYRXGLiFaQWK nOqH9hMc8xSrmT5zrcACUOsFN24tUImaD3w4H/hn2AnQNGp1rY97GREpBB/U8sJr FcsQiCd9cizLzUygAdTaU+hG60mvgIgULMGpl/I7J0+OAFHfHqT/QZqH+w0Ip070 WDr0lfuTCQEW1gXBbCMvuc2FDzpnAC6Sh3oMQsNw8SRIt8iljqwSUZp+abXUZnWn azz0h9UA+h/NdwGSRjbAgA2ptFT8etiMEhtKwqLzyPPDUP/UAA+2GJ83GBmA49RX V7BnGN6VzcFPvyDyWw2fFeXld2BQIT+g6Qy29gdN7zIDZkRtHNVYUse/Njci9EVI WFZe3tTSYJL13fKGPDqdUOQlv0FZwXq6sbmkYl3tIeOEukfN4z7BhFQoRJ40V4V+ 821bE96NHaBdv9nUSGlWCaEjz+gqU5u3Z400Ktm0IhJcONo9TTpCYpnbuUELtTdq Bs664bNL+sQ= =M3AV -----END PGP SIGNATURE-----
