Re: [SECURITY] [DLA 2962-1] pjproject security update

To: Bastian Triller <bastian.triller@gmail.com>
Cc: debian-lts@lists.debian.org
Subject: Re: [SECURITY] [DLA 2962-1] pjproject security update
From: Abhijith PA <abhijith@disroot.org>
Date: Thu, 31 Mar 2022 12:55:34 +0530
Message-id: <[🔎] YkVXbuZDlXCvrYKq@disroot.org>
In-reply-to: <[🔎] CALJ8HB4U3R60yauzL6Thh4skYGMLr66unYTj6F+RL+_0_pUgXA@mail.gmail.com>
References: <YkHE2aTwKzMSosta@disroot.org> <[🔎] CALJ8HB4U3R60yauzL6Thh4skYGMLr66unYTj6F+RL+_0_pUgXA@mail.gmail.com>

On 30/03/22 12:05 PM, Bastian Triller wrote:
> Hello,
> 
> we upgraded to 2.5.5~dfsg-6+deb9u3 and we're seeing crashes in
> Asterisk. It seems the patch for CVE-2022-23608 is faulty. In your
> patch, the hash table key is assigned twice in hunk #2 but not in hunk
> #4.
> Please see attached patch CVE-2022-23608_fixed.patch.


Thank you for the regression report. I am taking a look.


--abhijith

Reply to:

References:
- Re: [SECURITY] [DLA 2962-1] pjproject security update
  - From: Bastian Triller <bastian.triller@gmail.com>

Prev by Date: Re: [SECURITY] [DLA 2962-1] pjproject security update
Previous by thread: Re: [SECURITY] [DLA 2962-1] pjproject security update
Index(es):
- Date
- Thread