On 2016/04/24 19:15, Sevan Janiyan wrote: > Hello, > telephony/kamailio in ports is vulnerable to the advisory outlined in > https://census-labs.com/news/2016/03/30/kamailio-seas-heap-overflow/ > > Regards > > > Sevan >
Hmm, is patches/patch-modules_seas_encode_msg_c not enough then? My last comments about Kamailio, no reply yet: ----- Forwarded message from Stuart Henderson <[email protected]> ----- From: Stuart Henderson <[email protected]> Date: Sun, 13 Mar 2016 15:05:15 +0000 To: Roman Kravchuk <[email protected]> Cc: ports <[email protected]> User-Agent: Mutt/1.5.24 (2015-08-30) Subject: Re: Update: telephony/kamailio to 4.3.5 Mail-Followup-To: Roman Kravchuk <[email protected]>, ports <[email protected]> On 2016/03/13 15:43, Roman Kravchuk wrote: > With disabled CRYPTO_set_mem_functions tls module loaded but kamailio > crashed on close connection I don't know how to handle this then, the port can't depend on security/openssl. Perhaps upstream could help.. Since the current version is already broken in the same way, shall I just commit the update (minus the openssl dep) for now? ----- End forwarded message -----
