Re: Re: squeeze update of srtp?

2015-12-01 Thread Scott Kitterman


On December 1, 2015 9:18:52 AM EST, Ben Hutchings wrote:
>On Tue, 2015-12-01 at 08:39 -0500, Scott Kitterman wrote:
>> I checked this yesterday and the offending code isn't present in the 1.4
>> versions of srtp.
>
>Only because the range checks that have just been fixed in the upstream
>patches aren't present at all in 1.4!
>
>These sites do need to be fixed:
>https://sources.debian.net/src/srtp/1.4.4~dfsg-6%2Bdeb6u1/srtp/srtp.c/#L673
>https://sources.debian.net/src/srtp/1.4.4~dfsg-6%2Bdeb6u1/srtp/srtp.c/#L939

Okay. I'll have another look at it later in the week.  Feel free to grab it if 
you have time first.  If that's the case, then wheezy/jessie need fixing too.

Scott K



Re: Re: squeeze update of srtp?

2015-12-01 Thread Scott Kitterman
I checked this yesterday and the offending code isn't present in the 1.4 
versions of srtp.

Scott K



Re: Re: squeeze update of srtp?

2015-12-01 Thread Ben Hutchings
On Tue, 2015-12-01 at 08:39 -0500, Scott Kitterman wrote:
> I checked this yesterday and the offending code isn't present in the 1.4 
> versions of srtp.

Only because the range checks that have just been fixed in the upstream
patches aren't present at all in 1.4!

These sites do need to be fixed:
https://sources.debian.net/src/srtp/1.4.4~dfsg-6%2Bdeb6u1/srtp/srtp.c/#L673
https://sources.debian.net/src/srtp/1.4.4~dfsg-6%2Bdeb6u1/srtp/srtp.c/#L939

Ben.

-- 
Ben Hutchings
Theory and practice are closer in theory than in practice.
- John Levine, moderator of comp.compilers

