Control: fixed -1 5.3.0-2.1
I have just uploaded a NMU to fix this. debdiff attached.
diff -Nru libosip2-5.3.0/debian/changelog libosip2-5.3.0/debian/changelog
--- libosip2-5.3.0/debian/changelog 2022-03-08 23:51:47.000000000 +0100
+++ libosip2-5.3.0/debian/changelog 2023-03-15 01:04:10.000000000 +0100
@@ -1,3 +1,10 @@
+libosip2 (5.3.0-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix CVE-2022-41550.
+
+ -- Bastian Germann <b...@debian.org> Wed, 15 Mar 2023 01:04:10 +0100
+
libosip2 (5.3.0-2) unstable; urgency=medium
* enable testsuite
diff -Nru libosip2-5.3.0/debian/patches/CVE-2022-41550.patch
libosip2-5.3.0/debian/patches/CVE-2022-41550.patch
--- libosip2-5.3.0/debian/patches/CVE-2022-41550.patch 1970-01-01
01:00:00.000000000 +0100
+++ libosip2-5.3.0/debian/patches/CVE-2022-41550.patch 2023-03-15
01:04:10.000000000 +0100
@@ -0,0 +1,22 @@
+Origin: upstream, f77f16c832c3c37589c2b749f01b644dc44a55b5
+From: Aymeric Moizard <amoiz...@gmail.com>
+Date: Tue, 27 Sep 2022 11:03:15 +0200
+Subject: [bug #63103] https://savannah.gnu.org/bugs/?63103 * in multipart
+ bodies, LWS can't exist
+
+---
+ src/osipparser2/osip_body.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/osipparser2/osip_body.c b/src/osipparser2/osip_body.c
+index 6490e4f..c28b831 100644
+--- a/src/osipparser2/osip_body.c
++++ b/src/osipparser2/osip_body.c
+@@ -237,6 +237,7 @@ static int osip_body_parse_header(osip_body_t *body, const
char *start_of_osip_b
+ i = __osip_find_next_crlf(start_of_line, &end_of_line);
+
+ if (i == -2) {
++ return OSIP_SYNTAXERROR;
+ } else if (i != 0)
+ return i; /* error case: no end of body found */
+
diff -Nru libosip2-5.3.0/debian/patches/series
libosip2-5.3.0/debian/patches/series
--- libosip2-5.3.0/debian/patches/series 1970-01-01 01:00:00.000000000
+0100
+++ libosip2-5.3.0/debian/patches/series 2023-03-15 01:03:58.000000000
+0100
@@ -0,0 +1 @@
+CVE-2022-41550.patch
