Summary: | <net-libs/libsrtp-1.6.0: improper handling of CSRC count and extension header length in RTP header | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | chainsaw, chromium |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1323702 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
net-libs/libsrtp-1.6.0
|
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 635900 |
Description
Agostino Sarubbo
2016-04-08 09:39:03 UTC
@ Maintainer(s): Upstream has released v1.5.3 which contains the fixes. However I recommend to bump the package to v1.5.4 which includes further improvements. ia64 stable Stable on amd64 x86 stable Stable on alpha. ppc64 stable ppc stable All arches stabilized! maintainter(s), please cleanup. @Security, please add bugID to CVETool. Gentoo Security Padawan (Jmbailey/mbailey_j) GLSA Vote: No @Maintainers libsrtp 1.5.x still in tree, please clean vulnerable versions. Thank you The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9d005030aa7bc9f8039b5512dac4d59177934c5c commit 9d005030aa7bc9f8039b5512dac4d59177934c5c Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2018-04-23 02:24:00 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2018-04-23 14:35:10 +0000 net-libs/libsrtp: drop vulnerable Bug: https://bugs.gentoo.org/579318 Package-Manager: Portage-2.3.31, Repoman-2.3.9 Closes: https://github.com/gentoo/gentoo/pull/8113 net-libs/libsrtp/Manifest | 4 -- net-libs/libsrtp/libsrtp-1.4.4-r1.ebuild | 75 ------------------- net-libs/libsrtp/libsrtp-1.4.4-r2.ebuild | 74 ------------------- net-libs/libsrtp/libsrtp-1.4.4_p20121108-r1.ebuild | 76 -------------------- net-libs/libsrtp/libsrtp-1.4.4_p20121108.ebuild | 73 ------------------- net-libs/libsrtp/libsrtp-1.5.2-r1.ebuild | 79 -------------------- net-libs/libsrtp/libsrtp-1.5.2.ebuild | 75 ------------------- net-libs/libsrtp/libsrtp-1.5.4-r1.ebuild | 83 ---------------------- net-libs/libsrtp/libsrtp-1.5.4.ebuild | 77 -------------------- 9 files changed, 616 deletions(-)} |