Am 01.04.2016 um 18:52 schrieb Salvatore Bonaccorso:
[...]
> Okay, please go ahead with your upload to security-master. Since the
> version for jessie-security is new to dak on security-master please
> remember to build with -sa to include the original source tarball.
>
> Thanks for your work on t
Hi Markus,
On Thu, Mar 31, 2016 at 10:21:32PM +0200, Markus Koschany wrote:
> Control: severity -1 grave
> Control: tags -1 patch
>
> Am 31.03.2016 um 15:14 schrieb John Foley:
> > It's my understanding the obsolete versions of libsrtp are vulnerable.
> > Quoting the original text from Randell J
Yes, that fix should address the vulnerability. There was one Cisco
product that reported an issue with this patch. Specifically, it
prevents a zero length payload packet from being decrypted. We never
received reports of this problem from downstream open source projects.
So you're probably
Control: severity -1 grave
Control: tags -1 patch
Am 31.03.2016 um 15:14 schrieb John Foley:
> It's my understanding the obsolete versions of libsrtp are vulnerable.
> Quoting the original text from Randell Jesup...
>
> srtp_unprotect (netwerk\srtp\src\srtp\srtp.c) can experience an
> in
4 matches
Mail list logo