* [Buildroot] [PATCH 1/1] package/libpjsip: security bump to version 2.12.1
@ 2022-05-13 20:42 Fabrice Fontaine
2022-05-14 20:57 ` Peter Korsgaard
2022-05-29 8:13 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2022-05-13 20:42 UTC (permalink / raw)
To: buildroot; +Cc: Luca Ceresoli, Fabrice Fontaine
Security Issue:
- Potential buffer overflow in pjsip_auth_create_digest()
(GHSA-73f7-48m9-w662 a.k.a. CVE-2022-24754)
- Denial-of-service in XML parsing due to an infinite loop
(GHSA-5x45-qp78-g4p4 a.k.a. CVE-2022-24763)
- Potential stack buffer overflow when printing SDP into a buffer
(GHSA-f5qg-pqcg-765m a.k.a. CVE-2022-24764)
- Potential out-of-bound read/write when parsing RTCP FB RPSI
(GHSA-vhxv-phmx-g52q a.k.a. CVE-2022-24786)
- Potential infinite loop when parsing WAV format file
(GHSA-rwgw-vwxg-q799 a.k.a. CVE-2022-24792)
- Potential heap buffer overflow when parsing DNS packets
(GHSA-p6g5-v97c-w5q4 a.k.a. CVE-2022-24793)
https://github.com/pjsip/pjproject/releases/tag/2.12.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/libpjsip/libpjsip.hash | 2 +-
package/libpjsip/libpjsip.mk | 3 +--
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/package/libpjsip/libpjsip.hash b/package/libpjsip/libpjsip.hash
index 74331ab6fb..b1ccdb2f37 100644
--- a/package/libpjsip/libpjsip.hash
+++ b/package/libpjsip/libpjsip.hash
@@ -1,3 +1,3 @@
# Locally computed
-sha256 b3b94d9be4aba8f6d2d1cb164603e81b0a6ee17352f9e2ba5b58e325e610ca5a pjproject-2.12.tar.gz
+sha256 d0feef6963b07934e821ba4328aecb4c36358515c1b3e507da5874555d713533 pjproject-2.12.1.tar.gz
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
diff --git a/package/libpjsip/libpjsip.mk b/package/libpjsip/libpjsip.mk
index 32cfa8c53c..a3303d1e8a 100644
--- a/package/libpjsip/libpjsip.mk
+++ b/package/libpjsip/libpjsip.mk
@@ -4,10 +4,9 @@
#
################################################################################
-LIBPJSIP_VERSION = 2.12
+LIBPJSIP_VERSION = 2.12.1
LIBPJSIP_SOURCE = pjproject-$(LIBPJSIP_VERSION).tar.gz
LIBPJSIP_SITE = $(call github,pjsip,pjproject,$(LIBPJSIP_VERSION))
-# https://github.com/pjsip/pjproject/archive/2.12.tar.gz
LIBPJSIP_DEPENDENCIES = libsrtp
LIBPJSIP_LICENSE = GPL-2.0+
--
2.35.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/libpjsip: security bump to version 2.12.1
2022-05-13 20:42 [Buildroot] [PATCH 1/1] package/libpjsip: security bump to version 2.12.1 Fabrice Fontaine
@ 2022-05-14 20:57 ` Peter Korsgaard
2022-05-29 8:13 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2022-05-14 20:57 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Luca Ceresoli, buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> Security Issue:
> - Potential buffer overflow in pjsip_auth_create_digest()
> (GHSA-73f7-48m9-w662 a.k.a. CVE-2022-24754)
> - Denial-of-service in XML parsing due to an infinite loop
> (GHSA-5x45-qp78-g4p4 a.k.a. CVE-2022-24763)
> - Potential stack buffer overflow when printing SDP into a buffer
> (GHSA-f5qg-pqcg-765m a.k.a. CVE-2022-24764)
> - Potential out-of-bound read/write when parsing RTCP FB RPSI
> (GHSA-vhxv-phmx-g52q a.k.a. CVE-2022-24786)
> - Potential infinite loop when parsing WAV format file
> (GHSA-rwgw-vwxg-q799 a.k.a. CVE-2022-24792)
> - Potential heap buffer overflow when parsing DNS packets
> (GHSA-p6g5-v97c-w5q4 a.k.a. CVE-2022-24793)
> https://github.com/pjsip/pjproject/releases/tag/2.12.1
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/libpjsip: security bump to version 2.12.1
2022-05-13 20:42 [Buildroot] [PATCH 1/1] package/libpjsip: security bump to version 2.12.1 Fabrice Fontaine
2022-05-14 20:57 ` Peter Korsgaard
@ 2022-05-29 8:13 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2022-05-29 8:13 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Luca Ceresoli, buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> Security Issue:
> - Potential buffer overflow in pjsip_auth_create_digest()
> (GHSA-73f7-48m9-w662 a.k.a. CVE-2022-24754)
> - Denial-of-service in XML parsing due to an infinite loop
> (GHSA-5x45-qp78-g4p4 a.k.a. CVE-2022-24763)
> - Potential stack buffer overflow when printing SDP into a buffer
> (GHSA-f5qg-pqcg-765m a.k.a. CVE-2022-24764)
> - Potential out-of-bound read/write when parsing RTCP FB RPSI
> (GHSA-vhxv-phmx-g52q a.k.a. CVE-2022-24786)
> - Potential infinite loop when parsing WAV format file
> (GHSA-rwgw-vwxg-q799 a.k.a. CVE-2022-24792)
> - Potential heap buffer overflow when parsing DNS packets
> (GHSA-p6g5-v97c-w5q4 a.k.a. CVE-2022-24793)
> https://github.com/pjsip/pjproject/releases/tag/2.12.1
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2022.02.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-05-29 8:13 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-13 20:42 [Buildroot] [PATCH 1/1] package/libpjsip: security bump to version 2.12.1 Fabrice Fontaine
2022-05-14 20:57 ` Peter Korsgaard
2022-05-29 8:13 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.