Your message dated Sun, 12 Jan 2014 21:18:22 +0000 with message-id <e1w2sqi-0002m4...@franck.debian.org> and subject line Bug#711163: fixed in srtp 1.4.4+20100615~dfsg-2+deb7u1 has caused the Debian Bug report #711163, regarding srtp: CVE-2013-2139 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 711163: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711163 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: srtp Severity: grave Tags: security This was assigned CVE-2013-2139: http://seclists.org/fulldisclosure/2013/Jun/10 Fix: https://github.com/cisco/libsrtp/pull/27 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: srtp Source-Version: 1.4.4+20100615~dfsg-2+deb7u1 We believe that the bug you reported is fixed in the latest version of srtp, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 711...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated srtp package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 02 Jan 2014 16:38:07 +0100 Source: srtp Binary: libsrtp0-dev libsrtp0 srtp-docs srtp-utils Architecture: source all amd64 Version: 1.4.4+20100615~dfsg-2+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Jonas Smedegaard <d...@jones.dk> Changed-By: Salvatore Bonaccorso <car...@debian.org> Description: libsrtp0 - Secure RTP (SRTP) and UST Reference Implementations - shared libr libsrtp0-dev - Secure RTP (SRTP) and UST Reference Implementations - development srtp-docs - Secure RTP (SRTP) and UST Reference Implementations - documentati srtp-utils - Secure RTP (SRTP) and UST Reference Implementations - utilities Closes: 711163 Changes: srtp (1.4.4+20100615~dfsg-2+deb7u1) wheezy-security; urgency=high . * Non-maintainer upload by the Security Team. * Add 1009_CVE-2013-2139.patch patch. CVE-2013-2139: buffer overflow in application of crypto profiles. (Closes: #711163) Checksums-Sha1: 80e6386407bb9819730238b45c683e9f76b9629b 2291 srtp_1.4.4+20100615~dfsg-2+deb7u1.dsc 0061ec1f7a89f4e38a2b79a8c443c739b26af583 249825 srtp_1.4.4+20100615~dfsg.orig.tar.gz 9999ba6079844d891cd46771a19c2cf0c67a6fb8 15725 srtp_1.4.4+20100615~dfsg-2+deb7u1.debian.tar.gz e7842927ee405ffb8473c666e76f24cfed2ed35b 232490 srtp-docs_1.4.4+20100615~dfsg-2+deb7u1_all.deb 10bbffecba2438a95bc1bd8f98c93f2064cf5223 117070 libsrtp0-dev_1.4.4+20100615~dfsg-2+deb7u1_amd64.deb 6de471336059069907933b44fb08d66a493341de 79752 libsrtp0_1.4.4+20100615~dfsg-2+deb7u1_amd64.deb e74f9eba428a5170aac1d96f4924ea82410db102 360944 srtp-utils_1.4.4+20100615~dfsg-2+deb7u1_amd64.deb Checksums-Sha256: e21b39890d89de7c156a60ff96206e81cef7f619d46653099cae2156f9eeef41 2291 srtp_1.4.4+20100615~dfsg-2+deb7u1.dsc ddcd1e84129e611bedad7f23b94ed8c446dc762a627543d59c38b5f048d7dcb1 249825 srtp_1.4.4+20100615~dfsg.orig.tar.gz 2521d0f755dc7e5c21833686c34fdb94e11ca48d32321fc2e8528bac94853629 15725 srtp_1.4.4+20100615~dfsg-2+deb7u1.debian.tar.gz b050808f7221692a792a555806bff75d73859010620378ac2c5c0643d840e27f 232490 srtp-docs_1.4.4+20100615~dfsg-2+deb7u1_all.deb bb32049a4529a0d46fff3fe5b418966c028c726add84f97e05e4f162a6a45417 117070 libsrtp0-dev_1.4.4+20100615~dfsg-2+deb7u1_amd64.deb 65a64054cd91b29febe758ee2e49cf399f03e61979699efab059afe46a871c68 79752 libsrtp0_1.4.4+20100615~dfsg-2+deb7u1_amd64.deb 0de3bed2a686be1db8bf21a0e7ea43a40a4e7704e2e81b0478ba4f8c0603c4b3 360944 srtp-utils_1.4.4+20100615~dfsg-2+deb7u1_amd64.deb Files: df9097d72e2593be83401b11b18dc4b1 2291 libs optional srtp_1.4.4+20100615~dfsg-2+deb7u1.dsc debe7fe729d1122f0d22f682a9f27be8 249825 libs optional srtp_1.4.4+20100615~dfsg.orig.tar.gz 0c5f0b1eff752e7640ee41b3c5977769 15725 libs optional srtp_1.4.4+20100615~dfsg-2+deb7u1.debian.tar.gz 57f4234dfe648064acbe10ace6634e4f 232490 doc optional srtp-docs_1.4.4+20100615~dfsg-2+deb7u1_all.deb 88ed16e263f79215eec4ba769ff7284f 117070 libdevel optional libsrtp0-dev_1.4.4+20100615~dfsg-2+deb7u1_amd64.deb 823e502b75c2d371b18e7607940be8e9 79752 libs optional libsrtp0_1.4.4+20100615~dfsg-2+deb7u1_amd64.deb 3704e02639ea749f69c9d220ff69d5dd 360944 libs optional srtp-utils_1.4.4+20100615~dfsg-2+deb7u1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBCgAGBQJSyc3lAAoJEAVMuPMTQ89EBy8QAJPUBb1vTD5kyTcDcXxYvEMh ncHvVTRBQMqOfPZF579FdUy4zqUN269k57su337ppb6C0j1T5NPPUA2k3qV+/Fkn YvgBIpa0IUioc4gkLr1C1mhjfFwUnzPzLS0TztmxFnxiDgsIc/VSS4ApekuW6bc1 xsvjsQRZ9o5De9GhcSdHEXM2MY4DeqYviN6Tq5QVO47hFvWrMgUdNnFOEp++CG9g 6WSP5ItGDky9pd51yDV5lbWh8uCqDmuAArtjtwNbD+D1hzW8BBcgFCXQLLsTFWqD WXxWI/7ZDGNHtBxk+Nq6cYxB7pYEExGnoOWnNbsGrf3kmkz0KHqYiHX62FYoZEd1 aCwbTBFyb2kqXfSlPprToSYiUXAHXC6U9xvdxCVYjIvxJLStOrSDfmFj3xJMCSsw WyG6JernYTjExHxJh5stOMVc+arrcrFsdRNn//6D+1fHho2A042ZfGGduB1QBs95 XvFIMqKQLCqeolUPagMYOL2VOi6qjzXUQCGJ211eFWaBWsSAoHf+P/rrj/aC8OAV L6f3hegav3aeR87QuBAySBOmnHrEoLSy5mSFsbxUqfQ/t5C1HTocURr2KoGel3lR xikcTNv3J3t7s6l2/6541fbWXn0NhLQQJ6bDql2rTBhDHMxWebxPYMNwI/isgG6A 7nrS9yEYTpCUdvvXBDZZ =bpkC -----END PGP SIGNATURE-----
--- End Message ---
