Register | Log in

pjproject

Choose email to subscribe with

general

source: pjproject (updates)
version: 2.5.5~dfsg-6+deb9u1
maintainer: Debian VoIP Team (archive) (DMD)
uploaders: Jonas Smedegaard [DMD] – Jeremy Lainé [DMD] – Bernhard Schmidt [DMD] – Tzafrir Cohen [DMD]
arch: any
std-ver: 3.9.8
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 2.5.5~dfsg-6+deb9u1
old-sec: 2.5.5~dfsg-6+deb9u1

versioned links

2.5.5~dfsg-6+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libpj2
libpjlib-util2
libpjmedia-audiodev2
libpjmedia-codec2
libpjmedia-videodev2
libpjmedia2
libpjnath2
libpjproject-dev
libpjsip-simple2
libpjsip-ua2
libpjsip2
libpjsua2
libpjsua2-2v5
python-pjproject

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

2 security issues in stretch high

There are 2 open security issues in stretch.

2 important issues:

CVE-2020-15260: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.10 and earlier, PJSIP transport can be reused if they have the same IP address + port + protocol. However, this is insufficient for secure transport since it lacks remote hostname authentication. Suppose we have created a TLS connection to `sip.foo.com`, which has an IP address `100.1.1.1`. If we want to create a TLS connection to another hostname, say `sip.bar.com`, which has the same IP address, then it will reuse that existing connection, even though `100.1.1.1` does not have certificate to authenticate as `sip.bar.com`. The vulnerability allows for an insecure interaction without user awareness. It affects users who need access to connections to different destinations that translate to the same address, and allows man-in-the-middle attack if attacker can route a connection to another destination such as in the case of DNS spoofing.
CVE-2021-21375: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earlier, after an initial INVITE has been sent, when two 183 responses are received, with the first one causing negotiation failure, a crash will occur. This results in a denial of service.

Created: 2021-03-12 Last update: 2021-04-12 14:34

news

[2020-10-03] Removed 2.7.2~dfsg-4 from unstable (Debian FTP Masters)
[2019-04-06] pjproject REMOVED from testing (Debian testing watch)
[2018-07-28] pjproject 2.7.2~dfsg-4 MIGRATED to testing (Debian testing watch)
[2018-07-22] Accepted pjproject 2.7.2~dfsg-4 (source) into unstable (Bernhard Schmidt)
[2018-07-19] Accepted pjproject 2.7.2~dfsg-3 (source) into unstable (Bernhard Schmidt)
[2018-06-01] pjproject 2.7.2~dfsg-2 MIGRATED to testing (Debian testing watch)
[2018-05-26] Accepted pjproject 2.7.2~dfsg-2 (source) into unstable (Bernhard Schmidt)
[2018-04-16] Accepted pjproject 2.5.5~dfsg-6+deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Bernhard Schmidt)
[2018-04-09] Accepted pjproject 2.5.5~dfsg-6+deb9u1 (source) into stable->embargoed, stable (Bernhard Schmidt)
[2018-03-02] pjproject 2.7.2~dfsg-1 MIGRATED to testing (Debian testing watch)
[2018-02-24] Accepted pjproject 2.7.2~dfsg-1 (source) into unstable (Bernhard Schmidt)
[2017-11-15] pjproject 2.7.1~dfsg-1 MIGRATED to testing (Debian testing watch)
[2017-11-09] Accepted pjproject 2.7.1~dfsg-1 (source) into unstable (Bernhard Schmidt)
[2017-10-12] pjproject 2.7~dfsg-1 MIGRATED to testing (Debian testing watch)
[2017-10-06] Accepted pjproject 2.7~dfsg-1 (source) into unstable (Bernhard Schmidt)
[2017-08-23] pjproject 2.6~dfsg-2 MIGRATED to testing (Debian testing watch)
[2017-08-17] Accepted pjproject 2.6~dfsg-2 (source) into unstable (Bernhard Schmidt)
[2017-08-15] Accepted pjproject 2.6~dfsg-1 (source) into unstable (Bernhard Schmidt)
[2017-08-11] Accepted pjproject 2.1.0.0.ast20130823-1+deb8u1 (source amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Moritz Muehlenhoff) (signed by: Moritz Mühlenhoff)
[2017-08-06] Accepted pjproject 2.6~dfsg-0+exp2 (source) into experimental (Bernhard Schmidt)
[2017-06-24] Accepted pjproject 2.6~dfsg-0+exp1 (source) into experimental (Bernhard Schmidt)
[2017-06-04] pjproject 2.5.5~dfsg-6 MIGRATED to testing (Debian testing watch)
[2017-06-02] Accepted pjproject 2.5.5~dfsg-6 (source) into unstable (Bernhard Schmidt)
[2016-12-31] pjproject 2.5.5~dfsg-5 MIGRATED to testing (Debian testing watch)
[2016-12-20] Accepted pjproject 2.5.5~dfsg-5 (source) into unstable (Bernhard Schmidt)
[2016-12-16] Accepted pjproject 2.5.5~dfsg-4 (source) into unstable (Bernhard Schmidt)
[2016-11-16] pjproject 2.5.5~dfsg-3 MIGRATED to testing (Debian testing watch)
[2016-11-10] Accepted pjproject 2.5.5~dfsg-3 (source) into unstable (Bernhard Schmidt)
[2016-11-02] Accepted pjproject 2.5.5~dfsg-2 (source) into unstable (Bernhard Schmidt)
[2016-10-30] Accepted pjproject 2.5.5~dfsg-1 (source) into unstable (Bernhard Schmidt)

1
2

bugs [bug history graph]

all: 0

links

homepage
buildd: logs, clang, cross
popcon
browse source code
edit tags
other distros
security tracker

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing