| Summary: | <net-libs/pjproject-2.12.1-r2: multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | jaco, proxy-maint |
| Priority: | Normal | Keywords: | PullRequest |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| See Also: | https://github.com/gentoo/gentoo/pull/27677 https://bugs.gentoo.org/show_bug.cgi?id=803614 https://bugs.gentoo.org/show_bug.cgi?id=829894 https://github.com/gentoo/gentoo/pull/27992 | | |
| Whiteboard: | B4 [glsa+] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 878241 | | |
| Bug Blocks: | | | |

Description
John Helmert III
2022-10-07 13:22:57 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9190173b8ee7cf9ee818ad61aebc841f11fa834f

commit 9190173b8ee7cf9ee818ad61aebc841f11fa834f
Author:     orbea <orbea@riseup.net>
AuthorDate: 2022-10-07 19:10:13 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-10-12 23:22:50 +0000

    net-libs/pjproject: Add 2.12.1-r2

    * Fixes the build with musl
    * Fixes a bashism
    * Backports two CVE fix patches

    Closes: https://bugs.gentoo.org/865719
    Upstream-PR: https://github.com/pjsip/pjproject/pull/3220
    Upstream-Commit: https://github.com/pjsip/pjproject/commit/bae7e5f4ff9047170e7e160ab52f6d9993aeae80
    Bug: https://bugs.gentoo.org/875863
    Upstream-Commit: https://github.com/pjsip/pjproject/commit/d2acb9af4e27b5ba75d658690406cec9c274c5cc
    Upstream-Commit: https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae
    Closes: https://bugs.gentoo.org/867343
    Upstream-PR: https://github.com/pjsip/pjproject/pull/3263
    Signed-off-by: orbea <orbea@riseup.net>
    Closes: https://github.com/gentoo/gentoo/pull/27677
    Signed-off-by: Sam James <sam@gentoo.org>

 .../files/pjproject-2.12.1-r2-CVE-2022-39244.patch | 306 +++++++++++++++++++++
 .../files/pjproject-2.12.1-r2-CVE-2022-39269.patch | 33 +++
 .../files/pjproject-2.12.1-r2-bashism.patch | 44 +++
 .../pjproject/files/pjproject-2.12.1-r2-musl.patch | 102 +++++++
 net-libs/pjproject/pjproject-2.12.1-r2.ebuild | 144 ++++++++++
 5 files changed, 629 insertions(+)

Please stable when ready, thanks!

Sorry for missing. I guess we'll need to CC security@ on security bugs when we're not assigned.

Hi All,

Sorry for all the noise (adding multiple URLs seems to be messy). Figured I'd link everything that potentially relates.

There are two older security bugs which have also not been GLSA'd, I'd recommend just issuing one big GLSA for the whole lot, but I'm not part of the security team, so don't know what the policies are.

The depends on is the stable bug, so once that's happy we can progress with all of this.

Kind Regards,
Jaco

Please clean up.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2f0a8066cec1e9356367684a5dffb808f0be6ac8

commit 2f0a8066cec1e9356367684a5dffb808f0be6ac8
Author:     Jaco Kroon <jaco@uls.co.za>
AuthorDate: 2022-10-27 19:44:42 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-30 02:57:47 +0000

    net-libs/pjproject: drop 2.12.1-r1

    Bug: https://bugs.gentoo.org/875863
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Closes: https://github.com/gentoo/gentoo/pull/27992
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 net-libs/pjproject/pjproject-2.12.1-r1.ebuild | 140 --------------------------
 1 file changed, 140 deletions(-)

GLSA request filed

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=5cbf3d86fb2bca0fdeb9214550c2f68d0bcb7467

commit 5cbf3d86fb2bca0fdeb9214550c2f68d0bcb7467
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-31 20:22:18 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-31 20:25:50 +0000

    [ GLSA 202210-37 ] PJSIP: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/803614
    Bug: https://bugs.gentoo.org/829894
    Bug: https://bugs.gentoo.org/875863
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202210-37.xml | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)

GLSA released, all done!