Your message dated Tue, 23 May 2023 12:22:17 +0000
with message-id <[email protected]>
and subject line Bug#1031792: fixed in sofia-sip
1.12.11+20110422.1+1e14eea~dfsg-5
has caused the Debian Bug report #1031792,
regarding sofia-sip: CVE-2022-47516
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1031792: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031792
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: sofia-sip
Version: 1.12.11+20110422.1+1e14eea~dfsg-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for sofia-sip.
CVE-2022-47516[0]:
| An issue was discovered in the libsofia-sip fork in drachtio-server
| before 0.8.20. It allows remote attackers to cause a denial of service
| (daemon crash) via a crafted UDP message that leads to a failure of
| the libsofia-sip-ua/tport/tport.c self assertion.
This was orriginally reported at [1] in the sofia-sip fork as used in
drachtio-server, but was fixed as well in sofia-sip itself at [2].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-47516
https://www.cve.org/CVERecord?id=CVE-2022-47516
[1] https://github.com/drachtio/drachtio-server/issues/244
[2]
https://github.com/freeswitch/sofia-sip/commit/cadf505d88e2971d24b6a4379ddbb1398d8ec443
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: sofia-sip
Source-Version: 1.12.11+20110422.1+1e14eea~dfsg-5
Done: Evangelos Ribeiro Tzaras <[email protected]>
We believe that the bug you reported is fixed in the latest version of
sofia-sip, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Evangelos Ribeiro Tzaras <[email protected]> (supplier of updated
sofia-sip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 23 May 2023 05:53:48 +0200
Source: sofia-sip
Architecture: source
Version: 1.12.11+20110422.1+1e14eea~dfsg-5
Distribution: unstable
Urgency: medium
Maintainer: Debian VoIP Team <[email protected]>
Changed-By: Evangelos Ribeiro Tzaras <[email protected]>
Closes: 1031792
Changes:
sofia-sip (1.12.11+20110422.1+1e14eea~dfsg-5) unstable; urgency=medium
.
* Add patch to fix reported CVE; add copyright of patch.
For further information see:
- CVE-2022-47516[0]
[0] https://security-tracker.debian.org/tracker/CVE-2022-47516
https://www.cve.org/CVERecord?id=CVE-2022-47516 (closes: bug#1031792)
Checksums-Sha1:
45b442cd440d2728f0a5476024de64e66b06354a 2675
sofia-sip_1.12.11+20110422.1+1e14eea~dfsg-5.dsc
38a98525619ecc53fef59dc48347b0e5afe1dd47 1172172
sofia-sip_1.12.11+20110422.1+1e14eea~dfsg.orig.tar.xz
ac4f86c7ed68e0c70b976054f7cc94666588e290 31816
sofia-sip_1.12.11+20110422.1+1e14eea~dfsg-5.debian.tar.xz
fdc24941aa992127bd12b0dd9d2921a14c24f64e 7693
sofia-sip_1.12.11+20110422.1+1e14eea~dfsg-5_source.buildinfo
Checksums-Sha256:
c184615a3af0e0c0f295bb52f145c1bf3ef268122607798a1904868252c57ef4 2675
sofia-sip_1.12.11+20110422.1+1e14eea~dfsg-5.dsc
9aedd1f013d705488a77fcdf19b949906f542cdd9830a7847da8075b3164db09 1172172
sofia-sip_1.12.11+20110422.1+1e14eea~dfsg.orig.tar.xz
5021f18c3df2ef04dc5609a664745bad169448895e283757f404b516f0a0d930 31816
sofia-sip_1.12.11+20110422.1+1e14eea~dfsg-5.debian.tar.xz
ada37fc6c9731b29729a7561444beb814c425f191e0688a20554306c96ed49ab 7693
sofia-sip_1.12.11+20110422.1+1e14eea~dfsg-5_source.buildinfo
Files:
a8e5147b526f63b587393a4db27720d3 2675 net optional
sofia-sip_1.12.11+20110422.1+1e14eea~dfsg-5.dsc
4c6e371ce4b1acb195d0a5069f90dfd3 1172172 net optional
sofia-sip_1.12.11+20110422.1+1e14eea~dfsg.orig.tar.xz
997f8d1b2bc29f1696f81e2d74dc1e7b 31816 net optional
sofia-sip_1.12.11+20110422.1+1e14eea~dfsg-5.debian.tar.xz
7dc71d338415cc365eae4e435be38f83 7693 net optional
sofia-sip_1.12.11+20110422.1+1e14eea~dfsg-5_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJUBAEBCgA+FiEEuThlVLfdJmvLjimpkPDJsYprShkFAmRsqScgHGRldnJ0ei1k
ZWJpYW5AZm9ydHlzaXhhbmR0d28uZXUACgkQkPDJsYprShlZ1w//YsDdJd1CBoFT
YMBiRoHYUbEPiiXV8wrpXJAKRVs43GeomCVKFFPGo4CWAlu5/pzUNo/vJ6Ph9qxA
XU6n+PN7Q0aPCnq0on17U6y48Z964xn87vNKnPX5viwlwp2cAeNOnCgB2020o96X
23gfdcz6alZZoKu7NFY7LL4V167y1hFxYk251BQiFM3JPPNxZX5+SMe68KF17YkL
gB3pOTTseL3MRfdt5hnjYqbiUIsW9Z3gzsvByVIgErjgP1YTgh2NZHOSkpiNT9FM
TybaaQeJdEGALqkZM0FpnnHkaWjQTJAdD9lG8lNZ+6TNehvvdSP4q8/1Q3ErSs73
uaI8jpDS/bkBIjXYXeSi9054sWHyiHDHPmxVLOvnVuF5A0p+vsZKUUtw7FPjsArr
ZSyS0csI5Z2hOEI4Y1M3vsJ/iaBdwsz052L0+jga1PUQYgbDMnVEpX7q3thruqU2
YleIIPhjLpswCE9xjwUO7DsFbO8cqLWNrhko/+jR31kW1EcGajS30AtMzuZqQsI/
/hIBlqvAIe7m7UMxMNwJF1Mo2/BuoW7FvRYZKA2lGCSsFL0S9QMvPiMX8nCr6buJ
lFXzl2CRLX0MnFebWlr+ftlfM1Vmk6KJvX7ykGqJXgknA+VqqM0bw+FhLh2ECjzH
dAQcJrYU1NXGmnp93g7FqEu1z+Y1tI0=
=APg5
-----END PGP SIGNATURE-----
--- End Message ---
