Bug#711163: marked as done (srtp: CVE-2013-2139)

Sun, 12 Jan 2014 14:06:33 -0800 

Your message dated Sun, 12 Jan 2014 22:02:34 +0000
with message-id <e1w2t74-0003gp...@franck.debian.org>
and subject line Bug#711163: fixed in srtp 1.4.4~dfsg-6+deb6u1
has caused the Debian Bug report #711163,
regarding srtp: CVE-2013-2139
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
711163: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711163
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: srtp
Severity: grave
Tags: security

This was assigned CVE-2013-2139:
http://seclists.org/fulldisclosure/2013/Jun/10

Fix:
https://github.com/cisco/libsrtp/pull/27

Cheers,
        Moritz

--- End Message ---
--- Begin Message --- 
Source: srtp
Source-Version: 1.4.4~dfsg-6+deb6u1

We believe that the bug you reported is fixed in the latest version of
srtp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 711...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated srtp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 02 Jan 2014 16:22:57 +0100
Source: srtp
Binary: libsrtp0-dev libsrtp0 srtp-docs srtp-utils
Architecture: source all amd64
Version: 1.4.4~dfsg-6+deb6u1
Distribution: squeeze-security
Urgency: high
Maintainer: Jonas Smedegaard <d...@jones.dk>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description: 
 libsrtp0   - Secure RTP (SRTP) and UST Reference Implementations - shared libr
 libsrtp0-dev - Secure RTP (SRTP) and UST Reference Implementations - 
development
 srtp-docs  - Secure RTP (SRTP) and UST Reference Implementations - documentati
 srtp-utils - Secure RTP (SRTP) and UST Reference Implementations - utilities
Closes: 711163
Changes: 
 srtp (1.4.4~dfsg-6+deb6u1) squeeze-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add 1009_CVE-2013-2139.patch patch.
     CVE-2013-2139: buffer overflow in application of crypto profiles.
     (Closes: #711163)
Checksums-Sha1: 
 b68931a4b264c7f8902cd99abdb62316b28dc30e 2027 srtp_1.4.4~dfsg-6+deb6u1.dsc
 fdc0db5be8102ab061dc7aba1c59062904e6871f 241720 srtp_1.4.4~dfsg.orig.tar.gz
 2035d4a47b042327ed0c0466bb93958d66bec3ba 31983 
srtp_1.4.4~dfsg-6+deb6u1.debian.tar.gz
 b88f3ea44c277cca588e24e64967420db679daef 224956 
srtp-docs_1.4.4~dfsg-6+deb6u1_all.deb
 0b47e5196f2e7b9d3b39dbadcbe1a2bf5a5e9d2c 86260 
libsrtp0-dev_1.4.4~dfsg-6+deb6u1_amd64.deb
 17ce23232b739ab8a3c05f929efe99fa8ff79ae5 52304 
libsrtp0_1.4.4~dfsg-6+deb6u1_amd64.deb
 71d6dfe0c8146b27b4c6498a246c04e568136fba 203744 
srtp-utils_1.4.4~dfsg-6+deb6u1_amd64.deb
Checksums-Sha256: 
 f3e7575aa4544e5223f8484c6b88f5dd53862f9780d4b059fb00b28670e24e17 2027 
srtp_1.4.4~dfsg-6+deb6u1.dsc
 57581a5cd1fe6918497588c24745b257e197be6beffb1314705a62c4d5760166 241720 
srtp_1.4.4~dfsg.orig.tar.gz
 d96a0d3be96d5e8eb2a9f385da41acf9ba0d29d63df904f97af30541b1540192 31983 
srtp_1.4.4~dfsg-6+deb6u1.debian.tar.gz
 5270eab340b5a207532b60cc4f9d127baeca30c17101de1f28a58db93bbe912e 224956 
srtp-docs_1.4.4~dfsg-6+deb6u1_all.deb
 ad92bc85ad55d3ee04de63808f63b6d85e847cb8c409e6a38e1b1e2d6d7d4779 86260 
libsrtp0-dev_1.4.4~dfsg-6+deb6u1_amd64.deb
 fc0d92084f3a5c1b04be504e8f7255341a516c3d46c5a363f177cb057200804a 52304 
libsrtp0_1.4.4~dfsg-6+deb6u1_amd64.deb
 4dd31a92ea4957c4b104f11f84fe8f295b4a1979a4024ff1083eab117041657d 203744 
srtp-utils_1.4.4~dfsg-6+deb6u1_amd64.deb
Files: 
 245644589be93acdd472594ebc1e64b0 2027 libs optional 
srtp_1.4.4~dfsg-6+deb6u1.dsc
 d3326fe2e129e94e29462ab60acae390 241720 libs optional 
srtp_1.4.4~dfsg.orig.tar.gz
 36fa41864c54a6aa667c274f48afa3bc 31983 libs optional 
srtp_1.4.4~dfsg-6+deb6u1.debian.tar.gz
 42f080e320877782b5df069c8ef0ab6e 224956 doc optional 
srtp-docs_1.4.4~dfsg-6+deb6u1_all.deb
 7408b0c970dd935fdc9a8b79e01051b7 86260 libdevel optional 
libsrtp0-dev_1.4.4~dfsg-6+deb6u1_amd64.deb
 b6c455f8815725cf97817ee1d8bdca87 52304 libs optional 
libsrtp0_1.4.4~dfsg-6+deb6u1_amd64.deb
 8c94345c5ae70cd93806d78659c08b2e 203744 libs optional 
srtp-utils_1.4.4~dfsg-6+deb6u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBCgAGBQJSycTnAAoJEAVMuPMTQ89EYHkP/2bBJuTNFoJpoyEG5D8jp0Ay
6tLRIUnhQ8IAVxPg6sIVvo8NHaBsIFemStyd12/vEKLCD7fNBeabl+tbKOrSEXj+
3dvf09VhsusvXohhdZPBo2e5Tm3p5033jywStd+w55IY9nEUXDps4A3c/znnMirF
bzMZIMnK8tHcEq0WGv/n2SJCJ1O6m29UWljty9Q1tM6xFPvqb6iLIrFiKGGvpsEI
0w9N3suii2rQEI5fKaKDCX2fUV9f/LCE6RgoMtEZymVm1QNh0f0LayuA8miDcgns
UFs0T1BECxsZChNNpkiLcn6JKSIPza9XAZtIK2590KUPDwgRL+5fTuaXUdZ/UGDL
1gQwfyOqzhDejQt0Hm1vZ2jDJ1sruo3XGPcD7MB2STJT249IYH4jHqLhs0JPZQyy
aw7FGLe+k0k/Lm+Z8wUnq3luog1KmNE6gc0lV6Vl7FcL4s7575J8+F5MhO/3GOQl
K1JlHnzzU6+OVl+9r41+9bzpMl3mI7qEVgzgIL7tr2k+H7fiDkQWIX1L/jm3qNT3
t2Z30L5GldEn4RuyakLygIbQ6HGgTisl9MJodh1RaAaYie+dDm0o5xLPZCi6gW7h
w/0VGtenPBrI+5APq9xve2jssK33wH7Zbbf/tQae1t4rUuRh0s1f2HOfO5ggyxfl
Q2mUyxY1pEaU7/KFuYoV
=BwL6
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to