Your message dated Wed, 15 Mar 2023 07:03:34 +0100
with message-id <zbfftmist2pcp...@eldamar.lan>
and subject line Accepted libosip2 5.3.0-2.1 (source) into unstable
has caused the Debian Bug report #1021662,
regarding libosip2: CVE-2022-41550
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1021662: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021662
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libosip2
Version: 5.3.0-2
Severity: important
Tags: security upstream
Forwarded: https://savannah.gnu.org/bugs/?63103
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for libosip2.
CVE-2022-41550[0]:
| GNU oSIP v5.3.0 was discovered to contain an integer overflow via the
| component osip_body_parse_header.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-41550
https://www.cve.org/CVERecord?id=CVE-2022-41550
[1] https://savannah.gnu.org/bugs/?63103
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libosip2
Source-Version: 5.3.0-2.1
----- Forwarded message from Debian FTP Masters
<ftpmas...@ftp-master.debian.org> -----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 15 Mar 2023 01:04:10 +0100
Source: libosip2
Architecture: source
Version: 5.3.0-2.1
Distribution: unstable
Urgency: medium
Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org>
Changed-By: Bastian Germann <b...@debian.org>
Changes:
libosip2 (5.3.0-2.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Fix CVE-2022-41550.
Checksums-Sha1:
711a9d92610658a1c0e50e668b23ccad855cf7e7 2179 libosip2_5.3.0-2.1.dsc
ca133afe88f0a19463c20fd5250c4dad564467bb 14192 libosip2_5.3.0-2.1.debian.tar.xz
9285d3d95f1f799efd789bb72135177d71af8dc9 6008
libosip2_5.3.0-2.1_source.buildinfo
Checksums-Sha256:
2d792a9d3b1c1c84ca3f166f01ec16f36423d8e4e5a384fee13c48dc9148d2fe 2179
libosip2_5.3.0-2.1.dsc
c7d078c9bb0089d1ac04292a01dfc33593d0535bc0d25709da54c3b3ba83704c 14192
libosip2_5.3.0-2.1.debian.tar.xz
e3122fae979d6478d1de9bf029cff726745aea0be9049a57b06d55867143b18d 6008
libosip2_5.3.0-2.1_source.buildinfo
Files:
2d960b2635af387fb953c584e67f2eab 2179 comm optional libosip2_5.3.0-2.1.dsc
0662cf020fbbea48897f840d2166caf6 14192 comm optional
libosip2_5.3.0-2.1.debian.tar.xz
897ed41e0e9f97533017fe91f9320358 6008 comm optional
libosip2_5.3.0-2.1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQHEBAEBCgAuFiEEQGIgyLhVKAI3jM5BH1x6i0VWQxQFAmQRC+EQHGJhZ2VAZGVi
aWFuLm9yZwAKCRAfXHqLRVZDFHEaC/4tO/2ukxr8kQthtTaUGUueErezv5sNZnHm
w/Lx77bv/IhkJbaHAN0jsCHc0B1GR5wcbaWtj4vA6fdVnkJs50E7KBK6UVkBXWhF
MPtFaGb+ZVghbXzxxQpQGGm0O4UkrLeyI0SfmkS4sy47d57ETdZQqtgA7w1gVXrf
3TgzijKo6ValZeaJ8TS4VmFOJRc+o3SEOQ6AEeMLMPRr87dQdGha6/Pgp05tEjuI
KAXM+DTbKIo9IlW9V39IfGUXGyfos+eG6a/9JOj6/17jlHvfTjQMiqcPERpyOp8c
brCM38SEzOrTxNjtEBwE0232nUaaRNRlrgdpEApYBUWZeEHepMSEFVwU7cbozyQR
SBEy6faSumqswpLIiWCvhjAIUA21LievPDtAOisb9RX1QmzPXZb4htH4Cfvb3otV
0U8lvQ5KCB/ojXEG9Tx6YYqHdz2sf7Z463qyA6+d4FQGKgngWSlID/aNwAa/Kh6z
v4g+H7WQqB2Qwd5WKufjj0QJrZP/kDI=
=bVKI
-----END PGP SIGNATURE-----
----- End forwarded message -----
--- End Message ---
