Debian's patch applies cleanly.

Patched package uploaded for Mageia 3.

Advisory:
========================

Updated srtp package fixes security vulnerability:

Fernando Russ from Groundworks Technologies reported a buffer overflow flaw
in srtp, Cisco's reference implementation of the Secure Real-time Transport
Protocol (SRTP), in how the crypto_policy_set_from_profile_for_rtp() function
applies cryptographic profiles to an srtp_policy. A remote attacker could
exploit this vulnerability to crash an application linked against libsrtp,
resulting in a denial of service (CVE-2013-2139).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2139
https://www.debian.org/security/2014/dsa-2840
========================

Updated packages in core/updates_testing:
========================
srtp-1.4.4-3.1.mga3

from srtp-1.4.4-3.1.mga3.src.rpm

Assignee: fundawang => qa-bugs

This package only contains a static library, and is not BuildRequire'd by anything in Mageia 3 (it is BR'd by kopete in Mageia 4 and Cauldron).  I'm not sure why this package even existed in Mageia 3.  Anyway, for Mageia 3, there's nothing that can be tested, other than that it installs fine.  Adding the OK for Mageia 3 i586.

Whiteboard: (none) => has_procedure MGA3-32-OK

An easy one then :

Before update testing :
# rpm -q srtp
srtp-1.4.4-3.mga3

After update testing :
# rpm -q srtp
srtp-1.4.4-3.1.mga3

CC: (none) => olchal
Whiteboard: has_procedure MGA3-32-OK => has_procedure MGA3-32-OK MGA3-64-OK

Sorry, in comment 3, that was Mageia3-64 real HW testing.

Validating, advisory uploaded.

Keywords: (none) => validated_update
Whiteboard: has_procedure MGA3-32-OK MGA3-64-OK => has_procedure MGA3-32-OK MGA3-64-OK advisory
CC: (none) => remi, sysadmin-bugs

An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2014-0465.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED