Your message dated Sun, 02 May 2021 00:33:46 +0000 with message-id <e1ld03o-0009ha...@fasolo.debian.org> and subject line Bug#986815: fixed in ring 20210112.2.b757bac~ds1-1 has caused the Debian Bug report #986815, regarding CVE-2021-21375 CVE-2020-15260 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 986815: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986815 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: ring Severity: grave Tags: security X-Debbugs-Cc: Debian Security Team <t...@security.debian.org> ring bundles pjproject, so it's probably also affected by CVE-2021-21375? Advisory for pjproject is https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp Patch: https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: ring Source-Version: 20210112.2.b757bac~ds1-1 Done: Alexandre Viau <av...@debian.org> We believe that the bug you reported is fixed in the latest version of ring, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 986...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Alexandre Viau <av...@debian.org> (supplier of updated ring package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 17 Jan 2021 16:39:58 -0500 Source: ring Architecture: source Version: 20210112.2.b757bac~ds1-1 Distribution: unstable Urgency: medium Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org> Changed-By: Alexandre Viau <av...@debian.org> Closes: 979492 980571 986815 Changes: ring (20210112.2.b757bac~ds1-1) unstable; urgency=medium . [ Alexandre Viau ] * New upstream snapshot. * d/copyright: ignore ONNX Runtime. . [ Thorsten Alteholz ] * CVE-2020-15260 (Closes: #986815) Adding remote hostname authentication when reusing transport connections to the same IP address. * CVE-2021-21375 The embedded copy of pjproject is affected by this CVE. Due to bad handling of two consecutive crafted answers to an INVITE, the attacker is able to crash the server resulting in a denial of service. . [ Amin Bandali ] * d/patches: add upstream patch for fixing SIP calls to zoom. (Closes: #980571) * d/patches: add patch for improving the appstream description. . [ Bruno Kleinert ] * d/control: improve package description. (Closes: #979492) Checksums-Sha1: 832c9234390a3f4e9dde3983858a3da21e2b9161 2962 ring_20210112.2.b757bac~ds1-1.dsc 57d0bb13b5799bb1639cb5790231ed3c6747538a 112050224 ring_20210112.2.b757bac~ds1.orig.tar.gz 4a96ccb3816fc1302f772a3583d837a1acd27029 22076 ring_20210112.2.b757bac~ds1-1.debian.tar.xz 4990b6f0bea12e37fdd0a32019200d3d93abe6bd 24755 ring_20210112.2.b757bac~ds1-1_source.buildinfo Checksums-Sha256: 26eeb6e0d9a36320d3a3e5b1334284b12c3826bd5579bd650ecfbc196850ecab 2962 ring_20210112.2.b757bac~ds1-1.dsc 17e3f6fb6a61cffdce49c4ccd12c65f414d47bde94b80ba08a0124c004899a3f 112050224 ring_20210112.2.b757bac~ds1.orig.tar.gz b8587d8900e176f2e249887939f62951df2fb3dd46a99ae7467c0d2862b0c94b 22076 ring_20210112.2.b757bac~ds1-1.debian.tar.xz 4a6af262f8972ab0e0d199b1e7d9b7a73317349a8e8b3a75dbd0257414896148 24755 ring_20210112.2.b757bac~ds1-1_source.buildinfo Files: f8400ff0d01f90d668475e5a448e4dfe 2962 comm optional ring_20210112.2.b757bac~ds1-1.dsc 7725eca0941c818b8daf5e2ea7a8202e 112050224 comm optional ring_20210112.2.b757bac~ds1.orig.tar.gz 0f1525aa63c033a546a4cfba1d4614ea 22076 comm optional ring_20210112.2.b757bac~ds1-1.debian.tar.xz 9f57fff493b72f4fc461c46daaad68b0 24755 comm optional ring_20210112.2.b757bac~ds1-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEB0B3ii38SjnAyLyMjysRPGU1xacFAmCN8JgACgkQjysRPGU1 xafOFA/9Ed9p+l3ZPv0FEYB4uvCTLlgTCTtjIQcme+wvO/bP6gKs1LDsSVo14Bz2 /7U7vPXL2eo5tWiNmMwSPOBXvyw0f+XRPVtrDjQk7tpagnOYYIjkcPz+7l0PeWB9 vPPYmwBmJrflXqPbZmLXd4sYouLsKtHL3qs0dfFozVYrM8xNLBO5G3EpDqvCxSOM DWr6U9r7+vvkgstxPusX5gYFJcbynctKF3xTVgd4ak74UVJi4LafdB8+9byF2O6d Z43/H3Q11tiZtYw1huGIklyfSb5MJpKp5PPN+fNZJzEwKIBZrYF5KioCQCf7nXSF EAd4rBEOgwak88AfX4Z9xkD50hoXCuR9wzhnysVF06V6ENWOK7np6FgA+NCiDeV6 GzQnUqfIYcHwarQjLqhXne4HCGL8DUN7Xc/J2bhzWMeM1GtFwXuIjar7yMTPg0Ev TJulR7o/lt5sWkvO+COgjGkyF3QJshJSLKf7/wTdHnzpHv7jNfwhym9WJInb6Dkx zEHss/k9np2947pSc+vpHZNbwdAZyf2+mzX7b6eUgp3XNGqEz+n2eZz7yxHx/KNK 1G/ovVqEe08JXeEAsWXre8b8WUyqb8sPtXmseib5XuHWrXZaz7gNrZWXRXjozVb4 HSHe/EUeB1/OeQIuuUA4jfqssPGNX0Wie2RRGk1DmRjJLurcsx8= =A2NE -----END PGP SIGNATURE-----
--- End Message ---
