Quoting Ben Hutchings (2015-11-30 03:04:17) > On Mon, 2015-11-30 at 02:31 +0100, Jonas Smedegaard wrote: >> Quoting Ben Hutchings (2015-11-30 02:11:10) >>> the Debian LTS team would like to fix the security issues which are >>> currently open in the Squeeze version of srtp: >>> https://security-tracker.debian.org/tracker/CVE-2015-6360 >>> >>> Would you like to take care of this yourself? >> >> Help would be much appreciated. >> >> ...also to figure out what the issue even is - I simply proxied from >> upstream changelog. > > Based on the commit log, I believe it covers remotely-triggerable out- > of-bounds reads, fixed by: > > https://github.com/cisco/libsrtp/commit/704a31774db0dd941094fd2b47c2163 > 8b8dc3de2 > https://github.com/cisco/libsrtp/commit/be95365fbb4788b688cab7af61c65b7 > 989055fb4 > https://github.com/cisco/libsrtp/commit/cdc69f2acde796a4152a250f8692712 > 98abc233f > https://github.com/cisco/libsrtp/commit/be06686c8e98cc7bd934e10abb6f5e9 > 71d03f8ee Thanks. If someone else than me could do this backport I would appreciate that. I will be travelling the next days... - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
Attachment:
signature.asc
Description: signature