On Mon, 2015-11-30 at 02:31 +0100, Jonas Smedegaard wrote:
> Hi Ben and others,
>
> Quoting Ben Hutchings (2015-11-30 02:11:10)
> > the Debian LTS team would like to fix the security issues which are
> > currently open in the Squeeze version of srtp:
> > https://security-tracker.debian.org/tracker/CVE-2015-6360
> >
> > Would you like to take care of this yourself?
>
> Help would be much appreciated.
>
> ...also to figure out what the issue even is - I simply proxied from
> upstream changelog.

Based on the commit log, I believe it covers remotely-triggerable
out-of-bounds reads, fixed by:

https://github.com/cisco/libsrtp/commit/704a31774db0dd941094fd2b47c21638b8dc3de2
https://github.com/cisco/libsrtp/commit/be95365fbb4788b688cab7af61c65b7989055fb4
https://github.com/cisco/libsrtp/commit/cdc69f2acde796a4152a250f869271298abc233f
https://github.com/cisco/libsrtp/commit/be06686c8e98cc7bd934e10abb6f5e971d03f8ee

Ben.

-- 
Ben Hutchings - Debian developer, member of Linux kernel and LTS teams