Debian Security Advisory
DLA-393-1 srtp -- LTS security update
- Date Reported:
- 18 Jan 2016
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-6360.
- More information:
Prevent potential DoS attack due to lack of bounds checking on RTP header CSRC count and extension header length. Credit goes to Randell Jesup and the Firefox team for reporting this issue.
(As there is no aead mode available in the Squeeze version, only srtp_unprotect() needed to be patched)