Re: Re: squeeze update of srtp?

On December 1, 2015 9:18:52 AM EST, Ben Hutchings wrote: >On Tue, 2015-12-01 at 08:39 -0500, Scott Kitterman wrote: >> I checked this yesterday and the offending code isn't present in the >1.4  >> versions of srtp. > >Only because the range checks that have just been fixed

Re: Re: squeeze update of srtp?

I checked this yesterday and the offending code isn't present in the 1.4 versions of srtp. Scott K

Re: Re: squeeze update of srtp?

On Tue, 2015-12-01 at 08:39 -0500, Scott Kitterman wrote: > I checked this yesterday and the offending code isn't present in the 1.4  > versions of srtp. Only because the range checks that have just been fixed in the upstream patches aren't present at all in 1.4! These sites do need to be fixed:

Re: squeeze update of srtp?

Quoting Ben Hutchings (2015-11-30 03:04:17) > On Mon, 2015-11-30 at 02:31 +0100, Jonas Smedegaard wrote: >> Quoting Ben Hutchings (2015-11-30 02:11:10) >>> the Debian LTS team would like to fix the security issues which are >>> currently open in the Squeeze version of srtp: >>>

Re: squeeze update of srtp?

Hi Ben and others, Quoting Ben Hutchings (2015-11-30 02:11:10) > the Debian LTS team would like to fix the security issues which are > currently open in the Squeeze version of srtp: > https://security-tracker.debian.org/tracker/CVE-2015-6360 > > Would you like to take care of this yourself?

Re: squeeze update of srtp?

On Mon, 2015-11-30 at 02:31 +0100, Jonas Smedegaard wrote: > Hi Ben and others, > > Quoting Ben Hutchings (2015-11-30 02:11:10) > > the Debian LTS team would like to fix the security issues which are > > currently open in the Squeeze version of srtp: > >