Bug#989815: marked as done (buster-pu: package ring/20190215.1.f152c98~ds1-1)

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Subject: Bug#989815: marked as done (buster-pu: package ring/20190215.1.f152c98~ds1-1)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sat, 09 Oct 2021 11:15:16 +0000
Message-id: <[🔎] handler.989815.D989815.163377794329972.ackdone@bugs.debian.org>
Reply-to: 989815@bugs.debian.org
References: <896b7609401ceb0e1c537222e26587ea2351415d.camel@adam-barratt.org.uk> <alpine.DEB.2.21.2106132211460.6092@postfach.intern.alteholz.me>

Your message dated Sat, 09 Oct 2021 12:11:43 +0100
with message-id <896b7609401ceb0e1c537222e26587ea2351415d.camel@adam-barratt.org.uk>
and subject line Closing bugs for fixes included in the 10.11 point release
has caused the Debian Bug report #989815,
regarding buster-pu: package ring/20190215.1.f152c98~ds1-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
989815: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989815
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org
Cc: Salvatore Bonaccorso <carnil@debian.org>, Alexandre Viau <aviau@debian.org>
Subject: buster-pu: package ring/20190215.1.f152c98~ds1-1
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sun, 13 Jun 2021 22:26:12 +0000 (UTC)
Message-id: <alpine.DEB.2.21.2106132211460.6092@postfach.intern.alteholz.me>

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

Probably a bit late, but Salvatore just suggested to handle this via PUinstead of security upload.


The attached debdiff for ring fixes CVE-2021-21375 in Buster.

The fix has been already uploaded to Stretch some time ago and nobodycomplained up to now.


  Thorsten

PS. In order to avoid delays, I already uploaded the package ...

diff -Nru ring-20190215.1.f152c98~ds1/debian/changelog ring-20190215.1.f152c98~ds1/debian/changelog
--- ring-20190215.1.f152c98~ds1/debian/changelog	2019-02-19 04:46:25.000000000 +0100
+++ ring-20190215.1.f152c98~ds1/debian/changelog	2021-04-22 19:03:02.000000000 +0200
@@ -1,3 +1,14 @@
+ring (20190215.1.f152c98~ds1-1+deb10u1) buster; urgency=high
+
+  * Non-maintainer upload by the LTS Team.
+  * CVE-2021-21375 (Closes: #986815)
+    The embedded copy of pjproject is affected by this CVE.
+    Due to bad handling of two consecutive crafted answers to an INVITE,
+    the attacker is able to crash the server resulting in a denial of
+    service.
+
+ -- Thorsten Alteholz <debian@alteholz.de>  Thu, 22 Apr 2021 19:03:02 +0200
+
 ring (20190215.1.f152c98~ds1-1) unstable; urgency=medium
 
   * New upstream version.
diff -Nru ring-20190215.1.f152c98~ds1/debian/patches/CVE-2021-21375.patch ring-20190215.1.f152c98~ds1/debian/patches/CVE-2021-21375.patch
--- ring-20190215.1.f152c98~ds1/debian/patches/CVE-2021-21375.patch	1970-01-01 01:00:00.000000000 +0100
+++ ring-20190215.1.f152c98~ds1/debian/patches/CVE-2021-21375.patch	2021-04-22 19:03:02.000000000 +0200
@@ -0,0 +1,33 @@
+Index: ring-20190215.1.f152c98~ds1/daemon/contrib/tarballs-unpacked/pjproject-2.8.tar.gz/pjproject-2.8/pjmedia/src/pjmedia/sdp_neg.c
+===================================================================
+--- ring-20190215.1.f152c98~ds1.orig/daemon/contrib/tarballs-unpacked/pjproject-2.8.tar.gz/pjproject-2.8/pjmedia/src/pjmedia/sdp_neg.c	2021-04-25 18:03:13.057447325 +0200
++++ ring-20190215.1.f152c98~ds1/daemon/contrib/tarballs-unpacked/pjproject-2.8.tar.gz/pjproject-2.8/pjmedia/src/pjmedia/sdp_neg.c	2021-04-25 18:03:13.037446913 +0200
+@@ -304,7 +304,6 @@
+ {
+     pjmedia_sdp_session *new_offer;
+     pjmedia_sdp_session *old_offer;
+-    char media_used[PJMEDIA_MAX_SDP_MEDIA];
+     unsigned oi; /* old offer media index */
+     pj_status_t status;
+ 
+@@ -323,8 +322,19 @@
+     /* Change state to STATE_LOCAL_OFFER */
+     neg->state = PJMEDIA_SDP_NEG_STATE_LOCAL_OFFER;
+ 
++    /* When there is no active local SDP in state PJMEDIA_SDP_NEG_STATE_DONE,
++     * it means that the previous initial SDP nego must have been failed,
++     * so we'll just set the local SDP offer here.
++     */
++    if (!neg->active_local_sdp) {
++	neg->initial_sdp_tmp = NULL;
++	neg->initial_sdp = pjmedia_sdp_session_clone(pool, local);
++	neg->neg_local_sdp = pjmedia_sdp_session_clone(pool, local);
++
++	return PJ_SUCCESS;
++    }
++
+     /* Init vars */
+-    pj_bzero(media_used, sizeof(media_used));
+     old_offer = neg->active_local_sdp;
+     new_offer = pjmedia_sdp_session_clone(pool, local);
+ 
diff -Nru ring-20190215.1.f152c98~ds1/debian/patches/series ring-20190215.1.f152c98~ds1/debian/patches/series
--- ring-20190215.1.f152c98~ds1/debian/patches/series	2019-02-19 04:46:25.000000000 +0100
+++ ring-20190215.1.f152c98~ds1/debian/patches/series	2021-04-22 19:03:02.000000000 +0200
@@ -1,3 +1,5 @@
 dont-build-gnutls.patch
 namedirectory-old-restbed.patch
 jsoncpp-rename.patch
+
+CVE-2021-21375.patch

--- End Message ---

--- Begin Message ---

To: 986216-done@bugs.debian.org, 986669-done@bugs.debian.org, 986898-done@bugs.debian.org, 987372-done@bugs.debian.org, 989494-done@bugs.debian.org, 989530-done@bugs.debian.org, 989815-done@bugs.debian.org, 990066-done@bugs.debian.org, 990182-done@bugs.debian.org, 990315-done@bugs.debian.org, 991221-done@bugs.debian.org, 991514-done@bugs.debian.org, 991516-done@bugs.debian.org, 991632-done@bugs.debian.org, 991641-done@bugs.debian.org, 991881-done@bugs.debian.org, 991886-done@bugs.debian.org, 991909-done@bugs.debian.org, 992117-done@bugs.debian.org, 992243-done@bugs.debian.org, 992374-done@bugs.debian.org, 992599-done@bugs.debian.org, 992863-done@bugs.debian.org, 993034-done@bugs.debian.org, 993134-done@bugs.debian.org, 993224-done@bugs.debian.org, 993228-done@bugs.debian.org, 993277-done@bugs.debian.org, 993492-done@bugs.debian.org, 993823-done@bugs.debian.org, 993898-done@bugs.debian.org, 994021-done@bugs.debian.org, 994023-done@bugs.debian.org, 994513-done@bugs.debian.org, 994583-done@bugs.debian.org, 994853-done@bugs.debian.org, 994862-done@bugs.debian.org, 994887-done@bugs.debian.org, 994943-done@bugs.debian.org, 995238-done@bugs.debian.org, 995482-done@bugs.debian.org

Subject: Closing bugs for fixes included in the 10.11 point release

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Date: Sat, 09 Oct 2021 12:11:43 +0100

Message-id: <896b7609401ceb0e1c537222e26587ea2351415d.camel@adam-barratt.org.uk>
Package: release.debian.org
Version: 10.11

Hi,

The updates relating to these bugs were included in this morning's
10.11 point release for buster.

Regards,

Adam
--- End Message ---

Reply to:

Prev by Date: Bug#987372: marked as done (buster-pu: package distro-info-data/0.41+deb10u3 OR (distro-info/1.0~deb10u1 AND distro-info-data/0.47~deb10u1))
Next by Date: Bug#990066: marked as done (buster-pu: package distcc)
Previous by thread: Bug#987372: marked as done (buster-pu: package distro-info-data/0.41+deb10u3 OR (distro-info/1.0~deb10u1 AND distro-info-data/0.47~deb10u1))
Next by thread: Bug#990066: marked as done (buster-pu: package distcc)
Index(es):
- Date
- Thread