Your message dated Wed, 24 May 2023 19:28:14 +0000
with message-id <e1q1u9e-00doqj...@respighi.debian.org>
and subject line unblock sofia-sip
has caused the Debian Bug report #1036625,
regarding unblock: sofia-sip/1.12.11+20110422.1+1e14eea~dfsg-5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1036625: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036625
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: sofia-...@packages.debian.org, t...@security.debian.org
Control: affects -1 + src:sofia-sip

Please unblock package sofia-sip

The latest version fixes bug#1031729 sofia-sip
informing of a denial of service CVE.

The fix for this CVE has been backported from the upstream sources.

You can find the debdiff between
1.12.11+20110422.1+1e14eea~dfsg-4 (currently in testing) and
1.12.11+20110422.1+1e14eea~dfsg-5
attached to this unblock request.

I have taken the liberty of uploading the package already
in anticipation that this request be granted on account that it fixes
a denial of service vulnerability.

unblock sofia-sip/1.12.11+20110422.1+1e14eea~dfsg-5

Cheers,
Evangelos

diff -Nru sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/changelog 
sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/changelog
--- sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/changelog  2023-02-08 
09:46:57.000000000 +0100
+++ sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/changelog  2023-05-23 
05:53:48.000000000 +0200
@@ -1,3 +1,13 @@
+sofia-sip (1.12.11+20110422.1+1e14eea~dfsg-5) unstable; urgency=medium
+
+  * Add patch to fix reported CVE; add copyright of patch.
+    For further information see:
+    - CVE-2022-47516[0]
+    [0] https://security-tracker.debian.org/tracker/CVE-2022-47516
+        https://www.cve.org/CVERecord?id=CVE-2022-47516 (closes: bug#1031792)
+
+ -- Evangelos Ribeiro Tzaras <devrtz-deb...@fortysixandtwo.eu>  Tue, 23 May 
2023 05:53:48 +0200
+
 sofia-sip (1.12.11+20110422.1+1e14eea~dfsg-4) unstable; urgency=high (fixes a 
CVE)
 
   * Rename patches to indicate they have been picked from upstream
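Review bot: The closes entry in the new changelog stanza names bug#1031792, while the unblock request above cites bug#1031729; the two differ by a transposition of the last digits, so one of them is wrong. Please confirm which report tracks CVE-2022-47516 so the upload does not close an unrelated bug. The closes reference would also read more clearly on its own line than appended to the cve.org URL.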
diff -Nru sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/copyright 
sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/copyright
--- sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/copyright  2023-02-08 
09:46:57.000000000 +0100
+++ sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/copyright  2023-05-23 
05:53:48.000000000 +0200
@@ -250,6 +250,7 @@
 Copyright:
   2022  Andrey Volk <andyw...@gmail.com>
   2022  Qiuhao Li <qiuhao...@outlook.com>
+  2022  Dave Horton <da...@beachdognet.com>
 License-Grant:
  This library is free software;
  you can redistribute it and/or modify it
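Review bot: The added holder line for Dave Horton sits in a Copyright block whose Files: field is outside the visible context; please check that this stanza is the one covering the cherry-picked patches, so that the new entry applies to 0005-cve-dos-wrong-assert.patch and not to unrelated files.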
diff -Nru 
sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/patches/0005-cve-dos-wrong-assert.patch
 
sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/patches/0005-cve-dos-wrong-assert.patch
--- 
sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/patches/0005-cve-dos-wrong-assert.patch
    1970-01-01 01:00:00.000000000 +0100
+++ 
sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/patches/0005-cve-dos-wrong-assert.patch
    2023-05-23 05:53:48.000000000 +0200
@@ -0,0 +1,22 @@
+From: Dave Horton <da...@beachdognet.com>
+Date: Mon, 28 Nov 2022 14:44:30 -0500
+Subject: remove assert that can reasonably be expected to happen
+
+(cherry picked from commit cadf505d88e2971d24b6a4379ddbb1398d8ec443)
+---
+ libsofia-sip-ua/tport/tport.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/libsofia-sip-ua/tport/tport.c b/libsofia-sip-ua/tport/tport.c
+index c3bc2b6..18dfd47 100644
+--- a/libsofia-sip-ua/tport/tport.c
++++ b/libsofia-sip-ua/tport/tport.c
+@@ -3309,8 +3309,6 @@ tport_t *tport_tsend(tport_t *self,
+   tp_name_t tpn[1];
+   struct sigcomp_compartment *cc;
+ 
+-  assert(self);
+-
+   if (!self || !msg || !_tpn) {
+     msg_set_errno(msg, EINVAL);
+     return NULL;
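Review bot: With the assert gone, the remaining guard `if (!self || !msg || !_tpn)` is the only NULL handling visible at the top of tport_tsend, and its body calls `msg_set_errno(msg, EINVAL)` even when the branch was taken because msg is NULL; please confirm that msg_set_errno tolerates a NULL msg and that callers handle the NULL return a NULL self now produces instead of an abort. The patch header would also benefit from naming CVE-2022-47516 and the Debian bug, since the Subject line alone does not say this is a security fix.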
diff -Nru sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/patches/series 
sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/patches/series
--- sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/patches/series     
2023-02-08 09:46:57.000000000 +0100
+++ sofia-sip-1.12.11+20110422.1+1e14eea~dfsg/debian/patches/series     
2023-05-23 05:53:48.000000000 +0200
@@ -4,3 +4,4 @@
 0002-cve-fix-oob-read-url_canonize.patch
 0003-cve-fix-heap-overflow-by-two.patch
 0004-cve-check-stun-message-and-attr-len.patch
+0005-cve-dos-wrong-assert.patch

--- End Message ---
--- Begin Message ---
Unblocked.

--- End Message ---