Debian-LTS has issued an advisory today (September 2): https://www.debian.org/lts/security/2022/dla-3091 The issues are fixed upstream in 1.13.8: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-79jq-hh82-cv9g https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-g3x6-p824-x6hm https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOOStatus comment: (none) => Fixed upstream in 1.13.8
Assigning to all packagers collectively, because the registered maintainer is most likely still unavailable. CC'ing him, though
CC: (none) => mageia, marja11Assignee: bugsquad => pkg-bugs
Patches added in mga8. New version pushed in mga9 src: - sofia-sip-1.12.11-10.1.mga8
Version: Cauldron => 8Status comment: Fixed upstream in 1.13.8 => (none)Assignee: pkg-bugs => qa-bugsWhiteboard: MGA8TOO => (none)CC: (none) => mageia
Note that this is not yet fixed in Cauldron because of a build error. libsofia-sip-devel-1.12.11-10.1.mga8 libsofia-sip0-1.12.11-10.1.mga8 sofia-sip-1.12.11-10.1.mga8 libsofia-sip-static-devel-1.12.11-10.1.mga8 from sofia-sip-1.12.11-10.1.mga8.src.rpm
Cauldron has been fixed by Jani.
Tested in VirtualBox. No installation issues. "Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification (see the feature table). It can be used as a building block for SIP client software for uses such as VoIP, IM, and many other real-time and person-to-person communication services." Sounds like developer territory to me. No previous updates, and urpmq --whatrequires wasn't much help. Looked at the file list for sifia-sip, and found some man files for some utilities. Tried a few simple ones, and they seemed to work. Anything more is beyond me. I'm giving it an OK, mostly based on the clean install. Validating.
Keywords: (none) => validated_updateWhiteboard: (none) => MGA8-64-OKCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0343.html
Status: NEW => RESOLVEDResolution: (none) => FIXED