On 10.10.23 11:53, Bastien Roucariès wrote:
All of that said, it is interesting to me that fairly recently (at the
end of August) the ring package in buster was updated to fix 23 CVEs,
but this particular CVE was left open. Perhaps it would be worthwhile to
find out from Thorsten (who
On Tue, Oct 10, 2023 at 09:53:58AM +, Bastien Roucariès wrote:
> Le vendredi 6 octobre 2023, 19:31:43 UTC Roberto C. Sánchez a écrit :
> >
> > The older pjsip located in that project lacks ssl_sock_imp_common.c but
> > has the other two files. Most of the remainder of the patch applied
> >
Le vendredi 6 octobre 2023, 19:31:43 UTC Roberto C. Sánchez a écrit :
> Hi Bastien,
>
> On Fri, Sep 29, 2023 at 09:12:57PM +, Bastien Roucariès wrote:
> > Hi,
> >
> > I tried to fix CVE-2021-32686 by using patch from upstream.
> >
> > I think the problem is hard to solve:
> > - patch does