On 2016/04/24 19:15, Sevan Janiyan wrote: > Hello, > telephony/kamailio in ports is vulnerable to the advisory outlined in > https://census-labs.com/news/2016/03/30/kamailio-seas-heap-overflow/ > > Regards > > > Sevan >
Hmm, is patches/patch-modules_seas_encode_msg_c not enough then? My last comments about Kamailio, no reply yet: ----- Forwarded message from Stuart Henderson <s...@spacehopper.org> ----- From: Stuart Henderson <s...@spacehopper.org> Date: Sun, 13 Mar 2016 15:05:15 +0000 To: Roman Kravchuk <kravchuk...@gmail.com> Cc: ports <ports@openbsd.org> User-Agent: Mutt/1.5.24 (2015-08-30) Subject: Re: Update: telephony/kamailio to 4.3.5 Mail-Followup-To: Roman Kravchuk <kravchuk...@gmail.com>, ports <ports@openbsd.org> On 2016/03/13 15:43, Roman Kravchuk wrote: > With disabled CRYPTO_set_mem_functions tls module loaded but kamailio > crashed on close connection I don't know how to handle this then, the port can't depend on security/openssl. Perhaps upstream could help.. Since the current version is already broken in the same way, shall I just commit the update (minus the openssl dep) for now? ----- End forwarded message -----