Hi, I tried to fix CVE-2021-32686 by using patch from upstream.
I think the problem is hard to solve: - patch does not apply cleanly and backport will be difficult (moreover it is hard to test this kind of race condition) - ring use a heavy patched PJSIP. A solution will be to use the repackaged dfsg pjsip from asterisk (debian dir) and try if ring patches apply However the second solution will take time for something that is DOS by NULL pointer deference.... Maybe a dsa-ignore will be better for this issue Bastien
signature.asc
Description: This is a digitally signed message part.
