Bug 22894

Summary: pjproject new security issues CVE-2017-16872, CVE-2017-16875, CVE-2018-1000098, CVE-2018-1000099
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: Rémi Verschelde <rverschelde>
Status: RESOLVED OLD
QA Contact: Sec team <security>
Severity: normal
Priority: Normal
CC: jani.valimaa, marja11, mhrambo3501
Version: 6
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: pjproject-2.6-1.mga7.src.rpm
CVE:
Status comment: Fixed upstream in 2.7.2

Description David Walser 2018-04-11 23:54:01 CEST
Debian has issued an advisory on April 9:
https://www.debian.org/security/2018/dsa-4170

It looks like the issues are fixed upstream in 2.7.2.

Upstream advisories for two of the issues are here:
http://downloads.asterisk.org/pub/security/AST-2018-002.html
http://downloads.asterisk.org/pub/security/AST-2018-003.html

Mageia 5 and Mageia 6 are also affected.
David Walser 2018-04-11 23:54:16 CEST

Whiteboard: (none) => MGA6TOO

Comment 1 Marja Van Waes 2018-04-12 09:48:39 CEST
Assigning to the registered maintainer.

CC: (none) => marja11
Assignee: bugsquad => rverschelde

David Walser 2018-05-04 08:29:59 CEST

Status comment: (none) => Fixed upstream in 2.7.2

Comment 2 David Walser 2019-01-03 00:31:54 CET
I looked into updating this, but couldn't because of the rfc patch Jani added.  One hunk of it doesn't apply because the code changed, and it's not obvious how to fix it.

CC: (none) => jani.valimaa

Comment 3 David Walser 2019-01-21 16:48:30 CET
pjproject-2.7.2-1.mga7 uploaded for Cauldron by Jani.

Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)

Comment 4 Mike Rambo 2019-11-06 13:24:11 CET
Mageia 6 is EOL.

Status: NEW => RESOLVED
Resolution: (none) => OLD
CC: (none) => mrambo