Debian-LTS has issued an advisory on June 2: https://www.debian.org/lts/security/2023/dla-3441 The issue is fixed upstream in 1.13.15: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-rm4c-ccvf-ff9c Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOOStatus comment: (none) => Fixed upstream in 1.13.15
Another one for you, David; since you have done all updates for this for several versions, since 1.13.10.
Assignee: bugsquad => geiger.david68210
Done for both mga8 and cauldron! Freeze_move requested for cauldron.
Fixed for cauldron
Version: Cauldron => 8Whiteboard: MGA8TOO => (none)Status comment: Fixed upstream in 1.13.15 => (none)
Assigning to QA, Packages in 8/Core/Updates_testing: ====================== libsofia-sip-devel-1.12.11-10.4.mga8 libsofia-sip-static-devel-1.12.11-10.4.mga8 libsofia-sip0-1.12.11-10.4.mga8 lib64sofia-sip-devel-1.12.11-10.4.mga8 sofia-sip-1.12.11-10.4.mga8 lib64sofia-sip-static-devel-1.12.11-10.4.mga8 lib64sofia-sip0-1.12.11-10.4.mga8 From SRPMS: sofia-sip-1.12.11-10.4.mga8.src.rpm
Assignee: geiger.david68210 => qa-bugs
CC: (none) => geiger.david68210
mga8, x64 These libraries provide SIP user agent services for various personal intercommunication services such as VoIP and Instant Messaging. They would be used as building blocks in a development environment intended to support such services and as such cannot be readily tested in QA. There is a complex PoC which again is outside our remit so all we can do is guarantee a smooth update. $ rpm -qa | grep sofia lib64sofia-sip-devel-1.12.11-10.2.mga8 lib64sofia-sip-static-devel-1.12.11-10.2.mga8 sofia-sip-1.12.11-10.2.mga8 telepathy-sofiasip-0.7.1-10.mga8 lib64sofia-sip0-1.12.11-10.2.mga8 Updated the 64-bit packages via qarepo and MageiaUpdate. Something odd in the second stage. "Downloader cannot handle metalink..." and curl reported four failures. Repeated MageiaUpdate from the OK and this time there was no problem. $ rpm -qa | grep sofia-sip lib64sofia-sip-static-devel-1.12.11-10.4.mga8 sofia-sip-1.12.11-10.4.mga8 lib64sofia-sip0-1.12.11-10.4.mga8 lib64sofia-sip-devel-1.12.11-10.4.mga8 Advice?
CC: (none) => tarazed25
sofia-sip is used by telepathy-sofiasip. I don't know if you have a way to test that. Debian has issued an advisory for this on June 16: https://www.debian.org/security/2023/dsa-5431
Thanks Dave. I saw it at the buttom of my list, the only "external application", and after a brief look at what it does decided it was out of my league. I figured that you have to have some sort of development structure in place already for it to be useful. So a clean install it is - unless the glitch in MageiaUpdate counts against that.
Whiteboard: (none) => MGA8-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0209.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED