Hi, I made an official version which includes the fix. http://ftp.gnu.org/gnu/osip/libosip2-5.3.1.tar.gz
Best Regards, Aymeric Le mer. 12 oct. 2022 à 17:39, Salvatore Bonaccorso <car...@debian.org> a écrit : > Source: libosip2 > Version: 5.3.0-2 > Severity: important > Tags: security upstream > Forwarded: https://savannah.gnu.org/bugs/?63103 > X-Debbugs-Cc: car...@debian.org, Debian Security Team < > t...@security.debian.org> > > Hi, > > The following vulnerability was published for libosip2. > > CVE-2022-41550[0]: > | GNU oSIP v5.3.0 was discovered to contain an integer overflow via the > | component osip_body_parse_header. > > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2022-41550 > https://www.cve.org/CVERecord?id=CVE-2022-41550 > [1] https://savannah.gnu.org/bugs/?63103 > > Please adjust the affected versions in the BTS as needed. > > Regards, > Salvatore > > -- Antisip - http://www.antisip.com