Accepted coturn 4.5.1.3-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 27 Jun 2020 17:24:51 +0200
Source: coturn
Architecture: source
Version: 4.5.1.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian VoIP Team <pkg-voip-maintainers@alioth-lists.debian.net>
Changed-By: Mészáros Mihály <misi@majd.eu>
Changes:
coturn (4.5.1.3-1) unstable; urgency=medium
.
* [ec640a2] New upstream release (4.5.1.3)
- Fixes CVE-2020-6061
heap overflow vulnerability
Crafted HTTP POST request can lead to information leaks
and other misbehavior
- Fixes CVE-2020-6062
denial-of-service vulnerability
Crafted HTTP POST request can lead to server crash and denial of service
- Fixes CVE-2020-4067
STUN response buffer not initialized
One client (an attacker) could use their connection to intelligently
query coturn server to get interesting bytes in the padding bytes from
the connection of another client
- Tidy, and remove compatibility layers
* Remove turn_free_simple
* Remove turn_malloc()
* Remote turn_realloc()
* Remote turn_free()
* Remove turn_calloc()
* Remove turn_strdup()
* Remove SSL_NEW() and SSL_FREE()
* Remove pointer debugging machinery
* Remove ns_bzero(), ns_bcopy(), and ns_bcmp()
* Remove [su]{08,16,32,64}bits type defines
- Fix the webadmin ip permission add/delete sql injection
- Fix mongo driver crash when invalid connection string is used
- Change Diffie Hellman default key length from 1066 to 2066
- New test Certificate and test CA
- Fixes in packaging (rpm, docker)
* [1af9910] Remove patch for CVE 2020 6061+6062
* [82079ae] Update debehelper to debhelper-compat and ver 13
* [60997b6] Add Pre-Depends
* [2830ed6] Add Rules-Requires-Root
* [f648d45] Update metadata
* [aca2929] Change Debian VoIP Team mailinglist
* [f2f1398] exclude CA from examples and docs
* [83c24b5] Add symlink turnutils_uclient > usr/bin/turnutils
* [1f2cd31] migrate bin from turnserver to coturn, symlink
Checksums-Sha1:
087ee43dddd9803b92f7cdc778f300acf1d7e88d 2169 coturn_4.5.1.3-1.dsc
3c4a161054adff792cfab9b2515cc4b5a2cd3ec8 438452 coturn_4.5.1.3.orig.tar.gz
e4f1ce65d79724d39b501e1262e9f086801ca10e 12160 coturn_4.5.1.3-1.debian.tar.xz
c10135c2449c3441449678b60dc7aebaad37af4e 7834 coturn_4.5.1.3-1_amd64.buildinfo
Checksums-Sha256:
b16acf01deff59bd1719254091bdf64adfa554d156685849aba8656f8831cde5 2169 coturn_4.5.1.3-1.dsc
408bf7fde455d641bb2a23ba2df992ea0ae87b328de74e66e167ef58d8e9713a 438452 coturn_4.5.1.3.orig.tar.gz
21fc794cf38601f4538db280ef272808a9beb966967e6c8f5ab146eeadd06bec 12160 coturn_4.5.1.3-1.debian.tar.xz
98bb367197b654174351c8fb4c53906292f954987f85b1cbbd172f7fdd7997e9 7834 coturn_4.5.1.3-1_amd64.buildinfo
Files:
5d43564bba5f2ddc7c3a0d5dd1d191a5 2169 net optional coturn_4.5.1.3-1.dsc
4893c467c2225050a801a25e6bd2e970 438452 net optional coturn_4.5.1.3.orig.tar.gz
baef23ab98f3c0ecda5b5d2432bc17d0 12160 net optional coturn_4.5.1.3-1.debian.tar.xz
f4f274c11573e44440a25d485a550e0e 7834 net optional coturn_4.5.1.3-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEwddEx0RNIUL7eugtOsj3Fkd+2yMFAl758pcACgkQOsj3Fkd+
2yMBCw/9HpejN6qzJZxqsBgHx7PeeerumAIDZOamXByACZqTy/4Z7VNoTzD++cEP
pDqjqAQSK8ASMbqKGWQ6i1luNi7ogRxR4YqVs/rr+ggsYmpjK7yF2NMWRb4/7oAW
yNJmFrGISu5irRAFAsyCkua3/Pat3Phms4+B2rKK5OA0z/p34uKcUDSpVQD07yqp
Y37qzM8DkIHGBvPg2feEnbgmySS7V6SXmxFKZJ8XC0Kt3nXEKOvmmulaFzr+wbFn
xMfZMkaKjckVi6nQ/2JYia3FFWfu33Mc0eihTIEo4fP15OPjE98/xFFZ5dpkdQ4B
JBOIjaKVo3WyASnDw8CBjZgcvafuGKk3gfnKvncu86jh9pzJwJPoUFT/P95cDm2u
toy2JfDYF9hnGpJ3/62EAqumNo5nZBoiFycbTcR57tN227UfgX2dgkSxsddR6ogY
51kdGgrPFa1ghj6c6hXgkMkl9mchGo5b09X4971l+ZY9VPBGS24Zf7pzZTh74wp8
js0GWUZIqx41tL9UdHVBy7+Oq3KSu9LG0u4DVqL2WE4WgpFRDt8dXtEoxoMXAd/W
jJUSfeVNw+NCatYH3gOA7SkLbouc4dLtLnUVUEJMqQFK6Ya+L6OrGKlGvINUj3ul
MTqJ825ZBTq19AwKzP7fv6o/h8Slo9M5VRxNbtEctX8f9h4X6lw=
=PnuG
-----END PGP SIGNATURE-----
Reply to: