FS#38422 : [libsrtp] security patch for CVE-2013-2139

FS#38422 - [libsrtp] security patch for CVE-2013-2139

Attached to Project: Arch Linux
Opened by RbN (RbN) - Wednesday, 08 January 2014, 21:36 GMT
Last edited by Eric Belanger (Snowman) - Thursday, 06 February 2014, 23:19 GMT

Task Type	Bug Report
Category	Packages: Extra
Status	Closed
Assigned To	Eric Belanger (Snowman)
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Description(RedHat Bugzilla [0]):
"A buffer overflow flaw was reported [1] in libsrtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), in how the crypto_policy_set_from_profile_for_rtp() function applies cryptographic profiles to an srtp_policy. This could allow for a crash of a client linked against libsrtp (like asterisk or linphone)."

Resolution:
apply patch of the pull request [1]

Ressources:
[0] https://bugzilla.redhat.com/show_bug.cgi?id=970697
[1] https://github.com/cisco/libsrtp/pull/27

This task depends upon

Closed by Eric Belanger (Snowman)
Thursday, 06 February 2014, 23:19 GMT
Reason for closing: Fixed
Additional comments about closing: libsrtp-15.1c9bd90-3

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#38422 - [libsrtp] security patch for CVE-2013-2139

Details

Loading...