From ${URL} :
Randell Jesup and the Firefox team discovered that srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), does not properly handle RTP header CSRC count and extension header length. A remote attacker can exploit this vulnerability to crash an application linked against libsrtp, resulting in a denial of service.
References: http://seclists.org/bugtraq/2016/Apr/11
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
@ Maintainer(s): Upstream has released v1.5.3, which contains the fixes. However, I recommend bumping the package to v1.5.4, which includes further improvements.
ia64 stable
Stable on amd64
x86 stable
Stable on alpha.
ppc64 stable
ppc stable
All arches stabilized!
Maintainer(s), please cleanup.
@Security, please add bugID to CVETool.
Gentoo Security Padawan (Jmbailey/mbailey_j)
GLSA Vote: No
@Maintainers libsrtp 1.5.x still in tree, please clean vulnerable versions. Thank you
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9d005030aa7bc9f8039b5512dac4d59177934c5c

commit 9d005030aa7bc9f8039b5512dac4d59177934c5c
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-04-23 02:24:00 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-04-23 14:35:10 +0000

    net-libs/libsrtp: drop vulnerable

    Bug: https://bugs.gentoo.org/579318
    Package-Manager: Portage-2.3.31, Repoman-2.3.9
    Closes: https://github.com/gentoo/gentoo/pull/8113

 net-libs/libsrtp/Manifest                          |  4 --
 net-libs/libsrtp/libsrtp-1.4.4-r1.ebuild           | 75 -------------------
 net-libs/libsrtp/libsrtp-1.4.4-r2.ebuild           | 74 -------------------
 net-libs/libsrtp/libsrtp-1.4.4_p20121108-r1.ebuild | 76 --------------------
 net-libs/libsrtp/libsrtp-1.4.4_p20121108.ebuild    | 73 -------------------
 net-libs/libsrtp/libsrtp-1.5.2-r1.ebuild           | 79 --------------------
 net-libs/libsrtp/libsrtp-1.5.2.ebuild              | 75 -------------------
 net-libs/libsrtp/libsrtp-1.5.4-r1.ebuild           | 83 ----------------------
 net-libs/libsrtp/libsrtp-1.5.4.ebuild              | 77 --------------------
 9 files changed, 616 deletions(-)