Register | Log in

pjproject

Choose email to subscribe with

general

source: pjproject (updates)
version: 2.5.5~dfsg-6+deb9u4
maintainer: Debian VoIP Team (archive) (DMD)
uploaders: Jonas Smedegaard [DMD] – Jeremy Lainé [DMD] – Bernhard Schmidt [DMD] – Tzafrir Cohen [DMD]
arch: any
std-ver: 3.9.8
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.5.5~dfsg-6+deb9u1
o-o-sec: 2.5.5~dfsg-6+deb9u4

versioned links

2.5.5~dfsg-6+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.5.5~dfsg-6+deb9u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libpj2
libpjlib-util2
libpjmedia-audiodev2
libpjmedia-codec2
libpjmedia-videodev2
libpjmedia2
libpjnath2
libpjproject-dev
libpjsip-simple2
libpjsip-ua2
libpjsip2
libpjsua2
libpjsua2-2v5
python-pjproject

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

4 security issues in stretch high

There are 4 open security issues in stretch.

3 important issues:

CVE-2022-24786: PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rpsi() will be affected. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.
CVE-2022-24792: PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only plays trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository. As a workaround, apps can reject a WAV file received from an unknown source or validate the file first.
CVE-2022-24793: PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that uses PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver instead.

1 issue postponed or untriaged:

CVE-2022-24763: (postponed; to be fixed through a stable update) PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds.

Created: 2022-04-19 Last update: 2022-04-27 04:05

news

[2022-03-31] Accepted pjproject 2.5.5~dfsg-6+deb9u4 (source) into oldoldstable (Abhijith PA)
[2022-03-28] Accepted pjproject 2.5.5~dfsg-6+deb9u3 (source) into oldoldstable (Abhijith PA)
[2021-04-23] Accepted pjproject 2.5.5~dfsg-6+deb9u2 (source amd64) into oldstable (Thorsten Alteholz)
[2020-10-03] Removed 2.7.2~dfsg-4 from unstable (Debian FTP Masters)
[2019-04-06] pjproject REMOVED from testing (Debian testing watch)
[2018-07-28] pjproject 2.7.2~dfsg-4 MIGRATED to testing (Debian testing watch)
[2018-07-22] Accepted pjproject 2.7.2~dfsg-4 (source) into unstable (Bernhard Schmidt)
[2018-07-19] Accepted pjproject 2.7.2~dfsg-3 (source) into unstable (Bernhard Schmidt)
[2018-06-01] pjproject 2.7.2~dfsg-2 MIGRATED to testing (Debian testing watch)
[2018-05-26] Accepted pjproject 2.7.2~dfsg-2 (source) into unstable (Bernhard Schmidt)
[2018-04-16] Accepted pjproject 2.5.5~dfsg-6+deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Bernhard Schmidt)
[2018-04-09] Accepted pjproject 2.5.5~dfsg-6+deb9u1 (source) into stable->embargoed, stable (Bernhard Schmidt)
[2018-03-02] pjproject 2.7.2~dfsg-1 MIGRATED to testing (Debian testing watch)
[2018-02-24] Accepted pjproject 2.7.2~dfsg-1 (source) into unstable (Bernhard Schmidt)
[2017-11-15] pjproject 2.7.1~dfsg-1 MIGRATED to testing (Debian testing watch)
[2017-11-09] Accepted pjproject 2.7.1~dfsg-1 (source) into unstable (Bernhard Schmidt)
[2017-10-12] pjproject 2.7~dfsg-1 MIGRATED to testing (Debian testing watch)
[2017-10-06] Accepted pjproject 2.7~dfsg-1 (source) into unstable (Bernhard Schmidt)
[2017-08-23] pjproject 2.6~dfsg-2 MIGRATED to testing (Debian testing watch)
[2017-08-17] Accepted pjproject 2.6~dfsg-2 (source) into unstable (Bernhard Schmidt)
[2017-08-15] Accepted pjproject 2.6~dfsg-1 (source) into unstable (Bernhard Schmidt)
[2017-08-11] Accepted pjproject 2.1.0.0.ast20130823-1+deb8u1 (source amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Moritz Muehlenhoff) (signed by: Moritz Mühlenhoff)
[2017-08-06] Accepted pjproject 2.6~dfsg-0+exp2 (source) into experimental (Bernhard Schmidt)
[2017-06-24] Accepted pjproject 2.6~dfsg-0+exp1 (source) into experimental (Bernhard Schmidt)
[2017-06-04] pjproject 2.5.5~dfsg-6 MIGRATED to testing (Debian testing watch)
[2017-06-02] Accepted pjproject 2.5.5~dfsg-6 (source) into unstable (Bernhard Schmidt)
[2016-12-31] pjproject 2.5.5~dfsg-5 MIGRATED to testing (Debian testing watch)
[2016-12-20] Accepted pjproject 2.5.5~dfsg-5 (source) into unstable (Bernhard Schmidt)
[2016-12-16] Accepted pjproject 2.5.5~dfsg-4 (source) into unstable (Bernhard Schmidt)
[2016-11-16] pjproject 2.5.5~dfsg-3 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 0

links

homepage
buildd: logs, clang, cross
popcon
edit tags
security tracker

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing