On Tue, 2015-12-01 at 08:39 -0500, Scott Kitterman wrote:
> I checked this yesterday and the offending code isn't present in the 1.4
> versions of srtp.

Only because the range checks that have just been fixed in the upstream
patches aren't present at all in 1.4!

These sites do need to be fixed:
https://sources.debian.net/src/srtp/1.4.4~dfsg-6%2Bdeb6u1/srtp/srtp.c/#L673
https://sources.debian.net/src/srtp/1.4.4~dfsg-6%2Bdeb6u1/srtp/srtp.c/#L939

Ben.
--
Ben Hutchings
Theory and practice are closer in theory than in practice.
- John Levine, moderator of comp.compilers