Bug 30806 - sofia-sip new security issues CVE-2022-3100[1-3]
Summary: sofia-sip new security issues CVE-2022-3100[1-3]
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2022-09-02 18:31 CEST by David Walser
Modified: 2022-09-21 20:17 CEST

See Also:
Source RPM: sofia-sip-1.12.11-13.mga9.src.rpm
CVE:
Status comment:


David Walser 2022-09-02 18:31:34 CEST

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 1.13.8

Comment 1 Marja Van Waes 2022-09-02 20:48:00 CEST
Assigning to all packagers collectively, because the registered maintainer is most likely still unavailable. CC'ing him, though.

CC: (none) => mageia, marja11
Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Lécureuil 2022-09-05 22:08:34 CEST
Patches added in mga8. New version pushed in mga9

src:
    - sofia-sip-1.12.11-10.1.mga8

Version: Cauldron => 8
Status comment: Fixed upstream in 1.13.8 => (none)
Assignee: pkg-bugs => qa-bugs
Whiteboard: MGA8TOO => (none)
CC: (none) => mageia

Comment 3 David Walser 2022-09-05 22:37:18 CEST
Note that this is not yet fixed in Cauldron because of a build error.

libsofia-sip-devel-1.12.11-10.1.mga8
libsofia-sip0-1.12.11-10.1.mga8
sofia-sip-1.12.11-10.1.mga8
libsofia-sip-static-devel-1.12.11-10.1.mga8

from sofia-sip-1.12.11-10.1.mga8.src.rpm

Comment 4 David Walser 2022-09-06 14:27:50 CEST
Cauldron has been fixed by Jani.

Comment 5 Thomas Andrews 2022-09-19 03:02:27 CEST
Tested in VirtualBox. No installation issues.

"Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification (see the feature table). It can be used as a building block for SIP client software for uses such as VoIP, IM, and many other real-time and person-to-person communication services."

Sounds like developer territory to me. No previous updates, and urpmq --whatrequires wasn't much help. Looked at the file list for sofia-sip, and found some man files for some utilities. Tried a few simple ones, and they seemed to work.

Anything more is beyond me. I'm giving it an OK, mostly based on the clean install. Validating.

Keywords: (none) => validated_update
Whiteboard: (none) => MGA8-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2022-09-20 22:23:37 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 6 Mageia Robot 2022-09-21 20:17:01 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0343.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
