[SECURITY] [DLA 3334-1] sofia-sip security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3334-1] sofia-sip security update
From: Adrian Bunk <bunk@debian.org>
Date: Wed, 22 Feb 2023 23:41:27 +0200
Message-id: <Y/aMB8KZfZcyCMFQ@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3334-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
February 22, 2023                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : sofia-sip
Version        : 1.12.11+20110422.1-2.1+deb10u3
CVE ID         : CVE-2022-47516
Debian Bug     : 1031792

Denial of service (crash) via a crafted UDP message that leads to 
internal assert was fixed in sofia-sip, a SIP (Session Initiation 
Protocol) User-Agent library.

For Debian 10 buster, this problem has been fixed in version
1.12.11+20110422.1-2.1+deb10u3.

We recommend that you upgrade your sofia-sip packages.

For the detailed security status of sofia-sip please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/sofia-sip

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmP2jAcACgkQiNJCh6LY
mLEFOBAAkvG34l8lF2GQghUJ0XB6Bfk2RaYl3d2kkawzgtpSDzL/Bdefuen1RZG+
KkQupgUyvdCLkYNSQjDQLli4Pxzr3A4iud47eeBlk9IGzTPpx4NNSPITeQSOoqLT
UvP9Pjx5Car/ivM1Mr47VxYIh5uNPeq0djtHs6hp3u7sZOcN7V/saX0UidfVXO+F
uozkss2bBb4XqTHaepDiqMItViDQfzBcusPMUFXQ6L3wPmGhdxZRNvhfp+J6Qn9o
L/a/ncrjJGb0dYgWIQPFDFjV8qQvOVxAS1jPkzm6QuEhDjDJT7z9vY5/VSNxyDx/
euHrwoa6S3mfLjkGkZjoWXWEwzxUBBtexU89nsLJqKnqoPICs7hh0YVsFrGx0Td6
Mfbq4KcLjNE0Llbz8zdNu0DMHtifbvFu0e5XnyvUyWGjDit7HNLVeEs+5Z++S5ir
tK3hJJ8yhNfMwVaU+/9115jayRvBkroOnGarRm5ttle/fraGtw7+JVaZ1CqtxSIT
2hP7APSA8Ngy7RtrgwDQ3JuShSdjk2zLt26/b6ZtmxOxHYkBhFo+iZwRreEWRlr1
BLyd2YZ/sfoYYXsf5GaitNJ9mnU+2TvlQ3d4OSO48GcP7BZSul12OWQgF4j/SmsU
GDW4wI/xGrb7osWKdNxE0CqWNpZ7ZUbOPsiIWXObTyWFF8dzMWA=
=juJl
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3331-1] python-cryptography security update
Next by Date: [SECURITY] [DLA 3335-1] asterisk security update
Previous by thread: [SECURITY] [DLA 3331-1] python-cryptography security update
Next by thread: [SECURITY] [DLA 3335-1] asterisk security update
Index(es):
- Date
- Thread