Debian Patches

Status for sofia-sip/1.12.11+20110422.1+1e14eea~dfsg-6

Patch Description Author Forwarded Bugs Origin Last update
1001_fix_undefined_behaviour_accessing_msg_mclass_s_members.patch Fix undefined behaviour accessing msg_mclass_s members The original loop iterates over discrete msg_href_t members using the
mc_request member as a base. But this isn't valid code, since the
struct may be padded between each member, and this indeed fails horribly
when compiled with optimisation using gcc 4.8.2-8.

Thanks to Radist Morse for pinning down the precise location of the buggy
code, and the patch posted here:
https://bugzilla.redhat.com/show_bug.cgi?id=981056		 Ron <ron@debian.org> no 2022-02-21
1002-Let-openSSL-negotiate-SSL-TLS-method.patch Let openSSL negotiate SSL/TLS method Evangelos Ribeiro Tzaras <devrtz@fortysixandtwo.eu> no 2022-05-12
0001-cve-fix-oob-read-sip_method_d.patch Fix Out-of-bound read in sip_method_d Andrey Volk <andywolk@gmail.com> yes debian upstream 2022-08-13
0002-cve-fix-oob-read-url_canonize.patch Fix Out-of-bound read in url_canonize2 and url_canonize3 Andrey Volk <andywolk@gmail.com> yes debian upstream 2022-08-13
0003-cve-fix-heap-overflow-by-two.patch Fix Heap-buffer-overflow in parse_descs and parse_message Andrey Volk <andywolk@gmail.com> yes debian upstream 2022-08-13
0004-cve-check-stun-message-and-attr-len.patch stun: add checks for STUN messag len and attr len
(cherry picked from commit 9defd6f72dd416ee4fcc1a23cccbb159990da0f6)		 Qiuhao Li <Qiuhao.Li@outlook.com> no 2023-02-08
0005-cve-dos-wrong-assert.patch remove assert that can reasonably be expected to happen
(cherry picked from commit cadf505d88e2971d24b6a4379ddbb1398d8ec443)		 Dave Horton <daveh@beachdognet.com> no 2022-11-28
0008-stun-add-checks-for-attribute-length-before-read-fro.patch stun: add checks for attribute length before read from it
(cherry picked from commit c3bbc50c88d168065de34ca01b9b1d98c1b0e810)		 Xu Biang <xubiang@hust.edu.cn> no 2023-05-06

All known versions for source package 'sofia-sip'

Links