[SECURITY] [DLA 3036-1] pjproject security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3036-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
May 31, 2022 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : pjproject
Version : 2.5.5~dfsg-6+deb9u5
CVE ID : CVE-2022-24763 CVE-2022-24792 CVE-2022-24793
Multiple security issues were discovered in pjproject, is a free and
open source multimedia communication library
CVE-2022-24763
a denial-of-service vulnerability that affects PJSIP users that
consume PJSIP's XML parsing in their apps.
CVE-2022-24792
A denial-of-service vulnerability affects applications on a 32-bit
systems to play/read invalid WAV files. The vulnerability occurs
when reading WAV file data chunks with length greater than 31-bit
integers. The vulnerability does not affect 64-bit apps and should
not affect apps that only plays trusted WAV files
CVE-2022-24793
A buffer overflow vulnerability affects applications that uses
PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an
external resolver.
For Debian 9 stretch, these problems have been fixed in version
2.5.5~dfsg-6+deb9u5.
We recommend that you upgrade your pjproject packages.
For the detailed security status of pjproject please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pjproject
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAmKV2xMACgkQhj1N8u2c
KO8kBRAAgyPZ9alaPMSLD4dGuspRYHl5xOmcw9DHxoj+Aj+2ymVLmcRhVhl0ffKP
2idEA3IcCET0uovn1sNG9ZLqyQ9HYCe56w812Ypdafbc6swDGYg0rRbX5bQ7jgD0
KiJfsJ7mC8leM6hFjQVbTJxGb4krFZTSFC0ll9NGBgFCPSg9K2kPDyY9PbdTKgHK
l5G3ju1guFTHdo5y4j/xgpLysTxN/lNxIKoWf65Fzjb7TNSoxuhdTWvM/TN7nUw2
RAbW0TzIQumXXXpcdPUybjr2nS8Oe/2QPjSs0cokOWGA4AExxrH+1IIZyGzJizny
kNcB7JWuSiokN/5RXdDjCnNIWSgLMzejJ6l5nielb3o8pVhllErKYnCw8hpSCR0P
uI1ru16V3L9OHSynTGxZ7fKwdEGYD/3OC8waWHZAo7tk9RyJtU1+E4rZxCNqzlkr
EETIpWyraP+iTejEIPVxw7hESJJEb4ZWn3S+Ff41PzlRdkwmKFY1iccKKvPkn8Ff
JikJL5ow29ms1eFnFYTGMJ8+1w1bwuXTgAMqQwPoUtPLaWkV6g89uy0l4tspaXSC
8Cj8XyaMmVFloIyYR1xEgBardFLRfQ563Kev7VzVm+jkj7bQkEaxZpep8mWZojD0
FZNyt1+pOAxkYkhEkTjqBdCtf4HYDcgGivvZ+UDMFjb4gLIx7jA=
=OQ2B
-----END PGP SIGNATURE-----
Reply to: