Re: Re: squeeze update of srtp?
On December 1, 2015 9:18:52 AM EST, Ben Hutchingswrote: >On Tue, 2015-12-01 at 08:39 -0500, Scott Kitterman wrote: >> I checked this yesterday and the offending code isn't present in the >1.4 >> versions of srtp. > >Only because the range checks that have just been fixed in the upstream >patches aren't present at all in 1.4! > >These sites do need to be fixed: >https://sources.debian.net/src/srtp/1.4.4~dfsg-6%2Bdeb6u1/srtp/srtp.c/#L673 >https://sources.debian.net/src/srtp/1.4.4~dfsg-6%2Bdeb6u1/srtp/srtp.c/#L939 Okay. I'll have another look at it later in the week. Feel free to grab it if you have time first. If that's the case, then wheezy/jessie need fixing too. Scott K
Re: Re: squeeze update of srtp?
I checked this yesterday and the offending code isn't present in the 1.4 versions of srtp. Scott K
Re: Re: squeeze update of srtp?
On Tue, 2015-12-01 at 08:39 -0500, Scott Kitterman wrote: > I checked this yesterday and the offending code isn't present in the 1.4 > versions of srtp. Only because the range checks that have just been fixed in the upstream patches aren't present at all in 1.4! These sites do need to be fixed: https://sources.debian.net/src/srtp/1.4.4~dfsg-6%2Bdeb6u1/srtp/srtp.c/#L673 https://sources.debian.net/src/srtp/1.4.4~dfsg-6%2Bdeb6u1/srtp/srtp.c/#L939 Ben. -- Ben Hutchings Theory and practice are closer in theory than in practice. - John Levine, moderator of comp.compilers signature.asc Description: This is a digitally signed message part