[asterisk-bugs] [JIRA] (ASTERISK-29945) pjproject: Security fixes for things

Friendly Automation (JIRA) noreply at issues.asterisk.org
Fri Mar 4 12:37:07 CST 2022


    [ https://issues.asterisk.org/jira/browse/ASTERISK-29945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=258277#comment-258277 ] 

Friendly Automation commented on ASTERISK-29945:
------------------------------------------------

Change 18133 merged by Kevin Harwell:
AST-2022-004: pjproject - possible integer underflow on STUN message

[https://gerrit.asterisk.org/c/asterisk/+/18133|https://gerrit.asterisk.org/c/asterisk/+/18133]

> pjproject: Security fixes for things
> ------------------------------------
>
>                 Key: ASTERISK-29945
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29945
>             Project: Asterisk
>          Issue Type: Security
>          Components: pjproject/pjsip
>    Affects Versions: 16.24.0, 18.10.0, 19.2.0
>            Reporter: Kevin Harwell
>            Assignee: Kevin Harwell
>            Severity: Blocker
>              Labels: security
>      Target Release: 16.24.1, 18.10.1, 19.2.1
>
>
> With the release of pjproject 2.12 there were some security fixes included. Most of these don't affect us, but a few do:
> https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984
> https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62
> https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm
> Backport these patches into current bundled.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list