Ring

To: debian-lts@lists.debian.org, LTS Coordinator <lts-coordinator@freexian.com>, security@debian.org
Subject: Ring
From: Bastien Roucariès <rouca@debian.org>
Date: Fri, 29 Sep 2023 21:12:57 +0000
Message-id: <[🔎] 7203152.hJDAD6EWY3@portable-bastien>

Hi,

I tried to fix CVE-2021-32686 by using patch from upstream.

I think the problem is hard to solve:
- patch does not apply cleanly and backport will be difficult (moreover  it is hard to test this kind of race condition)
- ring use a heavy patched PJSIP. A solution will be to use the repackaged dfsg pjsip from asterisk (debian dir) and try if ring patches apply

However the second solution will take time for something that is DOS by NULL pointer deference....

Maybe a dsa-ignore will be better for this issue

Bastien

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Prev by Date: (E)LTS and Debian report for September 2023
Next by Date: Re: SALT
Previous by thread: (E)LTS and Debian report for September 2023
Next by thread: Debian LTS and ELTS -- September 2023
Index(es):
- Date
- Thread