srtp: CVE-2015-6360: Prevent potential DoS attack due to lack of bounds checking on RTP header CSRC count and extension header length

Related Vulnerabilities: CVE-2015-6360  

Debian Bug report logs - #807698


Package: src:srtp; Maintainer for src:srtp is Jonas Smedegaard <dr@jones.dk>;

Reported by: Guido Günther <agx@sigxcpu.org>

Date: Fri, 11 Dec 2015 17:27:01 UTC

Severity: grave

Tags: fixed-upstream, patch, security, upstream

Found in versions srtp/1.4.4~dfsg-6, srtp/1.4.5~20130609~dfsg-1.1

Fixed in versions srtp/1.5.3~dfsg-1, srtp/1.4.5~20130609~dfsg-1.2, srtp/1.4.5~20130609~dfsg-1.1+deb8u1, srtp/1.4.4+20100615~dfsg-2+deb7u2

Done: Markus Koschany <apo@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Jonas Smedegaard <dr@jones.dk>:
Bug#807698; Package src:srtp. (Fri, 11 Dec 2015 17:27:04 GMT)


Acknowledgement sent to Guido Günther <agx@sigxcpu.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Jonas Smedegaard <dr@jones.dk>. (Fri, 11 Dec 2015 17:27:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Guido Günther <agx@sigxcpu.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2015-6360: Prevent potential DoS attack due to lack of bounds checking on RTP header CSRC count and extension header length
Date: Fri, 11 Dec 2015 18:22:55 +0100
Source: srtp
Version: 1.4.5~20130609~dfsg-1.1
Severity: grave
Tags: security

Hi,
from what I figured out it seems the 1.4 series is also affected by
CVE-2015-6360. While there is no aead mode srtp_unprotect needs the
patch nevertheless. See:

    https://security-tracker.debian.org/tracker/CVE-2015-6360

for a list of patches.
Cheers,
 -- Guido


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)



Changed Bug title to 'srtp: CVE-2015-6360: Prevent potential DoS attack due to lack of bounds checking on RTP header CSRC count and extension header length' from 'CVE-2015-6360: Prevent potential DoS attack due to lack of bounds checking on RTP header CSRC count and extension header length'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 11 Dec 2015 21:33:06 GMT)


Marked as fixed in versions srtp/1.5.3~dfsg-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 11 Dec 2015 21:33:07 GMT)


Added tag(s) fixed-upstream and upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 11 Dec 2015 21:33:08 GMT)


Marked as found in versions srtp/1.4.4~dfsg-6. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 11 Dec 2015 21:33:09 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Jonas Smedegaard <dr@jones.dk>:
Bug#807698; Package src:srtp. (Thu, 31 Mar 2016 03:51:04 GMT)


Acknowledgement sent to Markus Koschany <apo@debian.org>:
Extra info received and forwarded to list. Copy sent to Jonas Smedegaard <dr@jones.dk>. (Thu, 31 Mar 2016 03:51:05 GMT)


Message #18 received at 807698@bugs.debian.org:

From: Markus Koschany <apo@debian.org>
To: Guido Günther <agx@sigxcpu.org>, "team@security.debian.org" <team@security.debian.org>
Cc: 807698@bugs.debian.org
Subject: Re: CVE-2015-6360: Prevent potential DoS attack due to lack of bounds checking on RTP header CSRC count and extension header length
Date: Thu, 31 Mar 2016 05:47:22 +0200
[Message part 1 (text/plain, inline)]
Control: severity -1 important

On Fri, 11 Dec 2015 18:22:55 +0100 Guido Günther
<agx@sigxcpu.org> wrote:
> Source: srtp
> Version: 1.4.5~20130609~dfsg-1.1
> Severity: grave
> Tags: security
> 
> Hi,
> from what I figured out it seems the 1.4 series is also affected by
> CVE-2015-6360. While there is no aead mode srtp_unprotect needs the
> patch nevertheless. See:
> 
>     https://security-tracker.debian.org/tracker/CVE-2015-6360
> 
> for a list of patches.
> Cheers,
>  -- Guido


Hello Guido, hello Security Team,

I have investigated bug #807698, alias CVE-2015-6360, and I agree with
Guido that at least Wheezy is partially affected. I'm attaching my
proposed patch for this issue. AEAD mode is not available in those
versions, so there is only one hunk that can be applied to the
srtp_unprotect function in srtp/srtp.c.

However I don't think Jessie/Stretch/Sid are affected as well. Looking
at srtp/srtp.c again the AEAD mode is still not present and none of the
upstream commits from [1] can be applied for the srtp_protect and
srtp_unprotect functions. Thus I'm going to downgrade the severity to
important for now. I would appreciate another look and confirmation though.

Regards,

Markus


[1]
https://github.com/cisco/libsrtp/commit/704a31774db0dd941094fd2b47c21638b8dc3de2
[CVE-2015-6360.patch (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, attachment)]

Severity set to 'important' from 'grave'. Request was from Markus Koschany <apo@debian.org> to 807698-submit@bugs.debian.org. (Thu, 31 Mar 2016 03:51:06 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Jonas Smedegaard <dr@jones.dk>:
Bug#807698; Package src:srtp. (Thu, 31 Mar 2016 20:24:04 GMT)


Acknowledgement sent to Markus Koschany <apo@debian.org>:
Extra info received and forwarded to list. Copy sent to Jonas Smedegaard <dr@jones.dk>. (Thu, 31 Mar 2016 20:24:04 GMT)


Message #25 received at 807698@bugs.debian.org:

From: Markus Koschany <apo@debian.org>
To: Debian Security Team <team@security.debian.org>
Cc: John Foley <foleyj@cisco.com>, Guido Günther <agx@sigxcpu.org>, 807698@bugs.debian.org
Subject: Re: srtp: CVE-2015-6360
Date: Thu, 31 Mar 2016 22:21:32 +0200
[Message part 1 (text/plain, inline)]
Control: severity -1 grave
Control: tags -1 patch

On 31.03.2016 at 15:14, John Foley wrote:
> It's my understanding the obsolete versions of libsrtp are vulnerable. 
> Quoting the original text from Randell Jesup...
> 
>     srtp_unprotect (netwerk\srtp\src\srtp\srtp.c) can experience an
>     integer underflow. If it does, it calls a decryption function with a
>     buffer pointer pointing to memory to which it has no right, and with
>     a very large buffer length. This call could scramble large portions
>     of memory, causing incorrect and possibly insecure behavior.
> 
>     The bug is in this code:
> 
>     950: err_status_t
>     951: srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
>     ...
>     1073:   if (stream->rtp_services & sec_serv_conf) {
>     1074:     enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc;  
>     1075:     if (hdr->x == 1) {
>     1076:       srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)enc_start;
>     1077:       enc_start += (ntohs(xtn_hdr->length) + 1);
>     1078:     }  
>     1079:     enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len 
>     1080: 			       - ((enc_start - (uint32_t *)hdr) << 2));
>     1081:   } else {
>     1082:     enc_start = NULL;
>     1083:   }
> 

Thanks for your quick response and clarification. If I understand
correctly we can basically apply the same patch for our version in
Wheezy and Jessie and guard against the potential integer underflow by using

if (!((uint8_t*)enc_start < (uint8_t*)hdr + (*pkt_octet_len - tag_len)))
	return err_status_parse_err;

before

enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len
	- ((enc_start - (uint32_t *)hdr) << 2));

Since it is clear now that Jessie and Sid are affected, I am going to
raise the severity to grave again. Please find attached my proposed
debdiffs.

Regards,

Markus


[srtp_jessie.debdiff (text/plain, attachment)]
[srtp_wheezy.debdiff (text/plain, attachment)]
[signature.asc (application/pgp-signature, attachment)]

Severity set to 'grave' from 'important'. Request was from Markus Koschany <apo@debian.org> to 807698-submit@bugs.debian.org. (Thu, 31 Mar 2016 20:24:04 GMT)


Added tag(s) patch. Request was from Markus Koschany <apo@debian.org> to 807698-submit@bugs.debian.org. (Thu, 31 Mar 2016 20:24:05 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Jonas Smedegaard <dr@jones.dk>:
Bug#807698; Package src:srtp. (Fri, 01 Apr 2016 13:03:06 GMT)


Acknowledgement sent to John Foley <foleyj@cisco.com>:
Extra info received and forwarded to list. Copy sent to Jonas Smedegaard <dr@jones.dk>. (Fri, 01 Apr 2016 13:03:06 GMT)


Message #34 received at 807698@bugs.debian.org:

From: John Foley <foleyj@cisco.com>
To: Markus Koschany <apo@debian.org>, Debian Security Team <team@security.debian.org>
Cc: Guido Günther <agx@sigxcpu.org>, 807698@bugs.debian.org
Subject: Re: srtp: CVE-2015-6360
Date: Fri, 1 Apr 2016 08:50:06 -0400
Yes, that fix should address the vulnerability.  There was one Cisco 
product that reported an issue with this patch.  Specifically, it 
prevents a zero length payload packet from being decrypted.  We never 
received reports of this problem from downstream open source projects.  
So you're probably safe with only applying this patch. But we did 
augment the patch after the Cisco issue to address the zero payload 
decryption problem.


On 03/31/2016 04:21 PM, Markus Koschany wrote:
> Control: severity -1 grave
> Control: tags -1 patch
>
>> On 31.03.2016 at 15:14, John Foley wrote:
>> It's my understanding the obsolete versions of libsrtp are vulnerable.
>> Quoting the original text from Randell Jesup...
>>
>>      srtp_unprotect (netwerk\srtp\src\srtp\srtp.c) can experience an
>>      integer underflow. If it does, it calls a decryption function with a
>>      buffer pointer pointing to memory to which it has no right, and with
>>      a very large buffer length. This call could scramble large portions
>>      of memory, causing incorrect and possibly insecure behavior.
>>
>>      The bug is in this code:
>>
>>      950: err_status_t
>>      951: srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
>>      ...
>>      1073:   if (stream->rtp_services & sec_serv_conf) {
>>      1074:     enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc;
>>      1075:     if (hdr->x == 1) {
>>      1076:       srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)enc_start;
>>      1077:       enc_start += (ntohs(xtn_hdr->length) + 1);
>>      1078:     }
>>      1079:     enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len
>>      1080: 			       - ((enc_start - (uint32_t *)hdr) << 2));
>>      1081:   } else {
>>      1082:     enc_start = NULL;
>>      1083:   }
>>
> Thanks for your quick response and clarification. If I understand
> correctly we can basically apply the same patch for our version in
> Wheezy and Jessie and guard against the potential integer underflow by using
>
> if (!((uint8_t*)enc_start < (uint8_t*)hdr + (*pkt_octet_len - tag_len)))
> 	return err_status_parse_err;
>
> before
>
> enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len
> 	- ((enc_start - (uint32_t *)hdr) << 2));
>
> Since it is clear now that Jessie and Sid are affected, I am going to
> raise the severity to grave again. Please find attached my proposed
> debdiffs.
>
> Regards,
>
> Markus
>
>
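
Added example, not code from this thread, from libsrtp or from the Debian packages: a self-contained C simulation of the offset arithmetic quoted above from srtp_unprotect, done on byte offsets instead of raw pointers so it never touches memory it does not own. The function names (compute_enc_bounds, build_packet, run_case), the status codes and the guard modes are invented here, and the sample packets are constructed inline. It shows how a claimed CSRC count of 15, or an extension header claiming 65535 words, on a short packet makes enc_octet_len wrap to a huge value when no bounds check is present; how the strict `<` guard Markus proposes rejects both; and, as John Foley's reply notes, that the same strict guard also rejects a legitimate packet whose payload is empty. The `<=` variant is only an illustration of that edge case, an assumption of this example, not the augmented upstream patch, which the thread does not show.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RTP_FIXED_WORDS 3   /* 12-octet fixed RTP header = 3 uint32 words (uint32s_in_rtp_header) */
#define TAG_LEN 10          /* auth tag length used by the constructed samples */

/* Hypothetical status codes and guard modes for this simulation (not libsrtp's own). */
enum { STATUS_OK = 0, STATUS_PARSE_ERR = 1 };
enum { GUARD_NONE = 0, GUARD_STRICT = 1, GUARD_ALLOW_EMPTY = 2 };

/* Mirrors the quoted arithmetic: enc_start becomes *enc_offset (octets from the
 * packet start), and enc_octet_len is computed exactly as in the quoted code. */
int compute_enc_bounds(const uint8_t *pkt, int pkt_octet_len, int tag_len, int guard,
                       int *enc_offset, uint32_t *enc_octet_len)
{
    int cc = pkt[0] & 0x0F;          /* hdr->cc: CSRC count, taken from the wire */
    int x  = (pkt[0] >> 4) & 1;      /* hdr->x: extension header present */
    int words = RTP_FIXED_WORDS + cc;

    if (x) {
        int xtn_off = words * 4;
        /* The simulation refuses to read past its own buffer; the quoted code had no such check. */
        if (xtn_off + 4 > pkt_octet_len)
            return STATUS_PARSE_ERR;
        /* ntohs(xtn_hdr->length): extension length in 32-bit words, big-endian on the wire */
        int xtn_len = (pkt[xtn_off + 2] << 8) | pkt[xtn_off + 3];
        words += xtn_len + 1;        /* +1 for the 4-octet extension header itself */
    }

    int off = words * 4;             /* (enc_start - (uint32_t *)hdr) << 2 */
    int end = pkt_octet_len - tag_len;   /* octet where the auth tag begins */

    /* Thread's guard: if (!((uint8_t*)enc_start < (uint8_t*)hdr + (*pkt_octet_len - tag_len))) */
    if (guard == GUARD_STRICT && !(off < end))
        return STATUS_PARSE_ERR;
    /* Assumed variant that admits an empty payload (off == end); not the upstream fix. */
    if (guard == GUARD_ALLOW_EMPTY && !(off <= end))
        return STATUS_PARSE_ERR;

    *enc_offset = off;
    *enc_octet_len = (uint32_t)(end - off);   /* wraps to a huge value when off > end */
    return STATUS_OK;
}

/* Constructed sample packet (not captured traffic): header fields are written as
 * claimed whether or not the octets they describe are actually present. */
static int build_packet(uint8_t *buf, int claimed_cc, int has_xtn, int xtn_len_words,
                        int payload_len, int tag_len)
{
    memset(buf, 0, 12);                          /* seq, timestamp, SSRC left zero */
    buf[0] = (uint8_t)(0x80 | (has_xtn ? 0x10 : 0) | (claimed_cc & 0x0F)); /* V=2, X, CC */
    buf[1] = 96;                                 /* payload type */
    int n = 12;
    if (has_xtn) {                               /* 4-octet extension header, no body */
        buf[n++] = 0xBE; buf[n++] = 0xDE;        /* profile-specific id */
        buf[n++] = (uint8_t)(xtn_len_words >> 8);
        buf[n++] = (uint8_t)(xtn_len_words & 0xFF);
    }
    memset(buf + n, 0xAA, payload_len); n += payload_len;
    memset(buf + n, 0xBB, tag_len);     n += tag_len;
    return n;
}

/* 0: well-formed; 1: claims 15 CSRCs but carries none; 2: extension claims 65535 words;
 * 3: well-formed packet with a zero-length payload. */
int run_case(int which, int guard, int *enc_offset, uint32_t *enc_octet_len)
{
    uint8_t buf[128];
    int n;
    switch (which) {
    case 0:  n = build_packet(buf, 0, 0, 0, 16, TAG_LEN);       break;
    case 1:  n = build_packet(buf, 15, 0, 0, 16, TAG_LEN);      break;
    case 2:  n = build_packet(buf, 0, 1, 0xFFFF, 16, TAG_LEN);  break;
    default: n = build_packet(buf, 0, 0, 0, 0, TAG_LEN);        break;
    }
    return compute_enc_bounds(buf, n, TAG_LEN, guard, enc_offset, enc_octet_len);
}

int main(void)
{
    static const char *names[] = { "well-formed", "cc=15, no CSRCs", "xtn len 65535", "empty payload" };
    static const char *guards[] = { "none", "strict <", "<=" };
    for (int c = 0; c < 4; c++)
        for (int g = 0; g < 3; g++) {
            int off = -1; uint32_t len = 0;
            int st = run_case(c, g, &off, &len);
            printf("%-16s guard=%-9s -> %s", names[c], guards[g], st == STATUS_OK ? "ok" : "parse_err");
            if (st == STATUS_OK) printf("  enc_offset=%d enc_octet_len=%u", off, (unsigned)len);
            printf("\n");
        }
    return 0;
}
```

Without a guard, the two malformed packets yield an enc_octet_len of roughly 4 GiB on a 38- or 42-octet buffer, which is the "very large buffer length" Randell Jesup describes; with the strict guard both are rejected before that length is ever computed, at the cost of also rejecting the empty-payload packet.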




Information forwarded to debian-bugs-dist@lists.debian.org, Jonas Smedegaard <dr@jones.dk>:
Bug#807698; Package src:srtp. (Fri, 01 Apr 2016 16:57:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Jonas Smedegaard <dr@jones.dk>. (Fri, 01 Apr 2016 16:57:04 GMT)


Message #39 received at 807698@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Markus Koschany <apo@debian.org>, 807698@bugs.debian.org
Cc: Debian Security Team <team@security.debian.org>, John Foley <foleyj@cisco.com>, Guido Günther <agx@sigxcpu.org>
Subject: Re: Bug#807698: srtp: CVE-2015-6360
Date: Fri, 1 Apr 2016 18:52:24 +0200
[Message part 1 (text/plain, inline)]
Hi Markus,

On Thu, Mar 31, 2016 at 10:21:32PM +0200, Markus Koschany wrote:
> Control: severity -1 grave
> Control: tags -1 patch
> 
> On 31.03.2016 at 15:14, John Foley wrote:
> > It's my understanding the obsolete versions of libsrtp are vulnerable. 
> > Quoting the original text from Randell Jesup...
> > 
> >     srtp_unprotect (netwerk\srtp\src\srtp\srtp.c) can experience an
> >     integer underflow. If it does, it calls a decryption function with a
> >     buffer pointer pointing to memory to which it has no right, and with
> >     a very large buffer length. This call could scramble large portions
> >     of memory, causing incorrect and possibly insecure behavior.
> > 
> >     The bug is in this code:
> > 
> >     950: err_status_t
> >     951: srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
> >     ...
> >     1073:   if (stream->rtp_services & sec_serv_conf) {
> >     1074:     enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc;  
> >     1075:     if (hdr->x == 1) {
> >     1076:       srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)enc_start;
> >     1077:       enc_start += (ntohs(xtn_hdr->length) + 1);
> >     1078:     }  
> >     1079:     enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len 
> >     1080: 			       - ((enc_start - (uint32_t *)hdr) << 2));
> >     1081:   } else {
> >     1082:     enc_start = NULL;
> >     1083:   }
> > 
> 
> Thanks for your quick response and clarification. If I understand
> correctly we can basically apply the same patch for our version in
> Wheezy and Jessie and guard against the potential integer underflow by using
> 
> if (!((uint8_t*)enc_start < (uint8_t*)hdr + (*pkt_octet_len - tag_len)))
> 	return err_status_parse_err;
> 
> before
> 
> enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len
> 	- ((enc_start - (uint32_t *)hdr) << 2));
> 
> Since it is clear now that Jessie and Sid are affected, I am going to
> raise the severity to grave again. Please find attached my proposed
> debdiffs.

Okay, please go ahead with your upload to security-master. Since the
version for jessie-security is new to dak on security-master please
remember to build with -sa to include the original source tarball.

Thanks for your work on this update.

Regards,
Salvatore
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Jonas Smedegaard <dr@jones.dk>:
Bug#807698; Package src:srtp. (Fri, 01 Apr 2016 17:15:04 GMT)


Acknowledgement sent to Markus Koschany <apo@debian.org>:
Extra info received and forwarded to list. Copy sent to Jonas Smedegaard <dr@jones.dk>. (Fri, 01 Apr 2016 17:15:04 GMT)


Message #44 received at 807698@bugs.debian.org:

From: Markus Koschany <apo@debian.org>
To: Debian Security Team <team@security.debian.org>
Cc: 807698@bugs.debian.org
Subject: Re: Bug#807698: srtp: CVE-2015-6360
Date: Fri, 1 Apr 2016 19:10:47 +0200
[Message part 1 (text/plain, inline)]
On 01.04.2016 at 18:52, Salvatore Bonaccorso wrote:
[...]
> Okay, please go ahead with your upload to security-master. Since the
> version for jessie-security is new to dak on security-master please
> remember to build with -sa to include the original source tarball.
> 
> Thanks for your work on this update.
> 

Uploaded.

Thanks,

Markus


[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Jonas Smedegaard <dr@jones.dk>:
Bug#807698; Package src:srtp. (Sun, 03 Apr 2016 07:21:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Jonas Smedegaard <dr@jones.dk>. (Sun, 03 Apr 2016 07:21:04 GMT)


Message #49 received at 807698@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 807698@bugs.debian.org
Subject: srtp: diff for NMU version 1.4.5~20130609~dfsg-1.2
Date: Sun, 3 Apr 2016 09:18:54 +0200
[Message part 1 (text/plain, inline)]
Control: tags 807698 + pending

Dear maintainer,

I've prepared an NMU for srtp (versioned as 1.4.5~20130609~dfsg-1.2) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer. It is just what Markus has already prepared as
well done for unstable.

Regards,
Salvatore
[srtp-1.4.5~20130609~dfsg-1.2-nmu.diff (text/x-diff, attachment)]

Added tag(s) pending. Request was from Salvatore Bonaccorso <carnil@debian.org> to 807698-submit@bugs.debian.org. (Sun, 03 Apr 2016 07:21:04 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#807698; Package src:srtp. (Sun, 03 Apr 2016 08:09:03 GMT)


Acknowledgement sent to Jonas Smedegaard <dr@jones.dk>:
Extra info received and forwarded to list. (Sun, 03 Apr 2016 08:09:03 GMT)


Message #56 received at 807698@bugs.debian.org:

From: Jonas Smedegaard <dr@jones.dk>
To: Salvatore Bonaccorso <carnil@debian.org>, 807698@bugs.debian.org
Subject: Re: Bug#807698: srtp: diff for NMU version 1.4.5~20130609~dfsg-1.2
Date: Sun, 03 Apr 2016 10:05:43 +0200
[Message part 1 (text/plain, inline)]
Quoting Salvatore Bonaccorso (2016-04-03 09:18:54)
> I've prepared an NMU for srtp (versioned as 1.4.5~20130609~dfsg-1.2) 
> and uploaded it to DELAYED/2. Please feel free to tell me if I should 
> delay it longer. It is just what Markus has already prepared as well 
> done for unstable.

Thanks a lot!

On the contrary, you are welcome to drop the delay - i.e. upload right 
away.

Again, thanks a lot for doing the upload!

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet architect
 * Tel.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
[signature.asc (application/pgp-signature, inline)]

Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Tue, 05 Apr 2016 07:45:24 GMT)


Notification sent to Guido Günther <agx@sigxcpu.org>:
Bug acknowledged by developer. (Tue, 05 Apr 2016 07:45:24 GMT)


Message #61 received at 807698-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 807698-close@bugs.debian.org
Subject: Bug#807698: fixed in srtp 1.4.5~20130609~dfsg-1.2
Date: Tue, 05 Apr 2016 07:35:53 +0000
Source: srtp
Source-Version: 1.4.5~20130609~dfsg-1.2

We believe that the bug you reported is fixed in the latest version of
srtp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 807698@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated srtp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 02 Apr 2016 19:43:20 +0200
Source: srtp
Binary: libsrtp0-dev libsrtp0 srtp-docs srtp-utils
Architecture: source
Version: 1.4.5~20130609~dfsg-1.2
Distribution: unstable
Urgency: high
Maintainer: Jonas Smedegaard <dr@jones.dk>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 807698
Description: 
 libsrtp0   - Secure RTP (SRTP) and UST Reference Implementations - shared libr
 libsrtp0-dev - Secure RTP (SRTP) and UST Reference Implementations - development
 srtp-docs  - Secure RTP (SRTP) and UST Reference Implementations - documentati
 srtp-utils - Secure RTP (SRTP) and UST Reference Implementations - utilities
Changes:
 srtp (1.4.5~20130609~dfsg-1.2) unstable; urgency=high
 .
   [ Markus Koschany ]
   * Non-maintainer upload.
   * Add CVE-2015-6360.patch.
     Prevent potential DoS attack due to lack of bounds checking on RTP header
     CSRC count and extension header length. (Closes: #807698)
Checksums-Sha1: 
 e452dd2b4d3f0ffaef3285516dcf53bfc84d985b 2253 srtp_1.4.5~20130609~dfsg-1.2.dsc
 9662d68a597c1e3bbb5d299aad9549d76205ecf1 14556 srtp_1.4.5~20130609~dfsg-1.2.debian.tar.xz
Checksums-Sha256: 
 d96626adda4453572766f7f7efc843fa37c5fb8e31e21842add58dff477057cf 2253 srtp_1.4.5~20130609~dfsg-1.2.dsc
 11eaa0c372695d5467c70ed022d688277a90194ef20882094f7d2a367d936dca 14556 srtp_1.4.5~20130609~dfsg-1.2.debian.tar.xz
Files: 
 d7a324aaa43cfa1cce1189fffb82b71a 2253 libs optional srtp_1.4.5~20130609~dfsg-1.2.dsc
 aeb7f67033b37362113ba0bf2d87225f 14556 libs optional srtp_1.4.5~20130609~dfsg-1.2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJXAMLTAAoJEAVMuPMTQ89EMBwQAIe/mUjX/yz8tgEUqNh5AZx+
ZnbWdsdIZwIpbA3QoYIB0hqTEi8YIv6toSMkempVUAmzMbusZuhY28C1WSnYU9my
q4queUvB4z0BrGsXxQ+up5ZVO3+JCLmCj18TiXBqgHGeldKiEgZwJpIe9KGv7I9A
4b0+E0+UlN4473Qp1xm2L/1r2gYh0frJRfn4HHTfBlaHHcZO0iuVm/4F/MzASUdW
dK02tiIVLcQEm04PkyPYji/AZJ66H/v2x2x7A1cPoaBbFFphPkkwCkEQnEQ9jRVQ
MqavDbpuOs0PKUC7t4s5AKkuWCYZWsh5VdowwVpTV1UdQ9q2B4OyEMHfGGEvx4xf
/IlXBPgL4T4lT6WQYTfoGjzvaxW7yVMlIC0iEgSrB9bKQCBZodk10RtzhQ+6iody
PFOpIg0YWgrULsTe+iji6lRT3wETX/n0T9c8tXt3z1IJi9b0kYFtFd6mn8yrcr0c
Dz2fwyVVeGnM2rW2vvs4hKhhjSh6v+E1//5P8Be1/AOD5MnH5hR3KEuwrbeYwj8F
/8Sd+sHmr6XQFfF8Lic8plnqgfDuPB228gDD9CCJGqIVXDevKytoRYlECVXpwKwS
xcnmIijDyy28VttSdj6J1VC8eSbKpSg4LP4iUxL95VWiF/+Yvbjly3l5nXTQ2fyf
8kBykslVyJGWYEOuRweo
=+oOR
-----END PGP SIGNATURE-----




Reply sent to Markus Koschany <apo@debian.org>:
You have taken responsibility. (Fri, 08 Apr 2016 09:51:14 GMT)


Notification sent to Guido Günther <agx@sigxcpu.org>:
Bug acknowledged by developer. (Fri, 08 Apr 2016 09:51:14 GMT)


Message #66 received at 807698-close@bugs.debian.org:

From: Markus Koschany <apo@debian.org>
To: 807698-close@bugs.debian.org
Subject: Bug#807698: fixed in srtp 1.4.5~20130609~dfsg-1.1+deb8u1
Date: Fri, 08 Apr 2016 09:48:18 +0000
Source: srtp
Source-Version: 1.4.5~20130609~dfsg-1.1+deb8u1

We believe that the bug you reported is fixed in the latest version of
srtp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 807698@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <apo@debian.org> (supplier of updated srtp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 01 Apr 2016 18:59:17 +0200
Source: srtp
Binary: libsrtp0-dev libsrtp0 srtp-docs srtp-utils
Architecture: source all amd64
Version: 1.4.5~20130609~dfsg-1.1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Jonas Smedegaard <dr@jones.dk>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libsrtp0   - Secure RTP (SRTP) and UST Reference Implementations - shared libr
 libsrtp0-dev - Secure RTP (SRTP) and UST Reference Implementations - development
 srtp-docs  - Secure RTP (SRTP) and UST Reference Implementations - documentati
 srtp-utils - Secure RTP (SRTP) and UST Reference Implementations - utilities
Closes: 807698
Changes:
 srtp (1.4.5~20130609~dfsg-1.1+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload.
   * Add CVE-2015-6360.patch.
     Prevent potential DoS attack due to lack of bounds checking on RTP header
     CSRC count and extension header length. (Closes: #807698)
Checksums-Sha1:
 5d15f647dda178828c786560c814caf06acb1cde 2411 srtp_1.4.5~20130609~dfsg-1.1+deb8u1.dsc
 1276b78ad6d6c8d16a1c4cee0bf29b7fba41d72c 251824 srtp_1.4.5~20130609~dfsg.orig.tar.gz
 d8ec48cd5337cca30a20db04a48a0fe7482ef736 14520 srtp_1.4.5~20130609~dfsg-1.1+deb8u1.debian.tar.xz
 e919fdead3c6ff64dd2204116c832447f3b97797 237976 srtp-docs_1.4.5~20130609~dfsg-1.1+deb8u1_all.deb
 e77cc49c24067d45be2a2da6e9891bbc81d0e513 93474 libsrtp0-dev_1.4.5~20130609~dfsg-1.1+deb8u1_amd64.deb
 a9e0e83b85e0d02d79e07c568918332a5eeae03c 65154 libsrtp0_1.4.5~20130609~dfsg-1.1+deb8u1_amd64.deb
 c065753813f5ce32b3879400fbf11222cf541c18 101224 srtp-utils_1.4.5~20130609~dfsg-1.1+deb8u1_amd64.deb
Checksums-Sha256:
 07a5889fdd719369e7b1953f3c1ba1cd4de14c564a1257aa5516756c92ae4319 2411 srtp_1.4.5~20130609~dfsg-1.1+deb8u1.dsc
 32083ced5621613a0190e4f0d5e7486aa0deb7d3a8f02d7d8bb45c57d0920584 251824 srtp_1.4.5~20130609~dfsg.orig.tar.gz
 64566be5e36141bc42637434733c17de3ee9c6cb56ec8e822c4825e1f0dc058f 14520 srtp_1.4.5~20130609~dfsg-1.1+deb8u1.debian.tar.xz
 e85c369a98cfa29187d8184c5d4d1adef250decaebee68917a9ac8fc03bd78f1 237976 srtp-docs_1.4.5~20130609~dfsg-1.1+deb8u1_all.deb
 be4bed57687c6ebf363b0b1236605c3c8dfdbb1403039946354b906ec6ec2f3b 93474 libsrtp0-dev_1.4.5~20130609~dfsg-1.1+deb8u1_amd64.deb
 f093edf30ed905e316c64727ff9ccac38946c1185fafa74f8ed6741338e0b5ef 65154 libsrtp0_1.4.5~20130609~dfsg-1.1+deb8u1_amd64.deb
 dff65254de5f051a962f61922234e646c87e158bda4a2a7e857992961a9bdbce 101224 srtp-utils_1.4.5~20130609~dfsg-1.1+deb8u1_amd64.deb
Files:
 5811f569563aecb0862269589ca188cc 2411 libs optional srtp_1.4.5~20130609~dfsg-1.1+deb8u1.dsc
 ed80a9530f8d12d8332897b246f27151 251824 libs optional srtp_1.4.5~20130609~dfsg.orig.tar.gz
 3ff1bf14fc81280f00604a274c58aa95 14520 libs optional srtp_1.4.5~20130609~dfsg-1.1+deb8u1.debian.tar.xz
 ecaf9e10abd61a3b08498a9965739db3 237976 doc optional srtp-docs_1.4.5~20130609~dfsg-1.1+deb8u1_all.deb
 47de898233bc36527093ab7fad764609 93474 libdevel optional libsrtp0-dev_1.4.5~20130609~dfsg-1.1+deb8u1_amd64.deb
 9f945d68c3ef40dfffd3846d7504ba23 65154 libs optional libsrtp0_1.4.5~20130609~dfsg-1.1+deb8u1_amd64.deb
 979fa4536a7794c173d7f296de3970ec 101224 libs optional srtp-utils_1.4.5~20130609~dfsg-1.1+deb8u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----




Reply sent to Markus Koschany <apo@debian.org>:
You have taken responsibility. (Fri, 08 Apr 2016 09:51:19 GMT)


Notification sent to Guido Günther <agx@sigxcpu.org>:
Bug acknowledged by developer. (Fri, 08 Apr 2016 09:51:19 GMT)


Message #71 received at 807698-close@bugs.debian.org:

From: Markus Koschany <apo@debian.org>
To: 807698-close@bugs.debian.org
Subject: Bug#807698: fixed in srtp 1.4.4+20100615~dfsg-2+deb7u2
Date: Fri, 08 Apr 2016 09:49:44 +0000
Source: srtp
Source-Version: 1.4.4+20100615~dfsg-2+deb7u2

We believe that the bug you reported is fixed in the latest version of
srtp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 807698@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <apo@debian.org> (supplier of updated srtp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 01 Apr 2016 19:07:24 +0200
Source: srtp
Binary: libsrtp0-dev libsrtp0 srtp-docs srtp-utils
Architecture: source all amd64
Version: 1.4.4+20100615~dfsg-2+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Jonas Smedegaard <dr@jones.dk>
Changed-By: Markus Koschany <apo@debian.org>
Description: 
 libsrtp0   - Secure RTP (SRTP) and UST Reference Implementations - shared libr
 libsrtp0-dev - Secure RTP (SRTP) and UST Reference Implementations - development
 srtp-docs  - Secure RTP (SRTP) and UST Reference Implementations - documentati
 srtp-utils - Secure RTP (SRTP) and UST Reference Implementations - utilities
Closes: 807698
Changes: 
 srtp (1.4.4+20100615~dfsg-2+deb7u2) wheezy-security; urgency=high
 .
   * Non-maintainer upload.
   * Add CVE-2015-6360.patch.
     Prevent potential DoS attack due to lack of bounds checking on RTP header
     CSRC count and extension header length. (Closes: #807698)
Checksums-Sha1: 
 ddef67f6d1726ff4b2788292e061fe16c28b23c8 2404 srtp_1.4.4+20100615~dfsg-2+deb7u2.dsc
 eb38e263929e84a4b214284ab26136c6abe67fff 15732 srtp_1.4.4+20100615~dfsg-2+deb7u2.debian.tar.gz
 0f9eb8f4443d39b47a3de075b4a13d6ec9f6f0f0 232820 srtp-docs_1.4.4+20100615~dfsg-2+deb7u2_all.deb
 ab56d6d140fe43016fccb3eca8ffa405a649e251 117244 libsrtp0-dev_1.4.4+20100615~dfsg-2+deb7u2_amd64.deb
 abc1ec430267121a0514a29a777bc070195d5146 79998 libsrtp0_1.4.4+20100615~dfsg-2+deb7u2_amd64.deb
 fb4debe4e545fe545ce75129b7713e9823668dca 366576 srtp-utils_1.4.4+20100615~dfsg-2+deb7u2_amd64.deb
Checksums-Sha256: 
 46af8f4ec2ec8322d6e4cfcd111c72ddb45d63b4ad47dc1b892b74eb666a8e02 2404 srtp_1.4.4+20100615~dfsg-2+deb7u2.dsc
 3dbffa22fdcdaee52ef8db71651b2193843b0a2d8a4108cfaeb0e547390b06be 15732 srtp_1.4.4+20100615~dfsg-2+deb7u2.debian.tar.gz
 647bb100b37546f40f364c98845a8fda64b6d1cfff9a984b6f282d97a073a430 232820 srtp-docs_1.4.4+20100615~dfsg-2+deb7u2_all.deb
 1910bcbc78e435360e02321a9e4801d2a018fb42fe94e25d5f91dd8182e6171b 117244 libsrtp0-dev_1.4.4+20100615~dfsg-2+deb7u2_amd64.deb
 4f97bfcd92e39256aa16730567a8436ef4989168858117e2a83353bed03bd0fe 79998 libsrtp0_1.4.4+20100615~dfsg-2+deb7u2_amd64.deb
 e5189cffc86618cca9b88befa9cd0a2e675acfb2423fa2a926186577d1972c6b 366576 srtp-utils_1.4.4+20100615~dfsg-2+deb7u2_amd64.deb
Files: 
 793d7153d73e6313a37137c271c21456 2404 libs optional srtp_1.4.4+20100615~dfsg-2+deb7u2.dsc
 847a9d474d0e1c1efa5f5838d3377168 15732 libs optional srtp_1.4.4+20100615~dfsg-2+deb7u2.debian.tar.gz
 66515a1bb5288341aa323b330741318c 232820 doc optional srtp-docs_1.4.4+20100615~dfsg-2+deb7u2_all.deb
 6edf105b3d7467a337f7cde4c3cbcab8 117244 libdevel optional libsrtp0-dev_1.4.4+20100615~dfsg-2+deb7u2_amd64.deb
 4c2e931c2b16988d654a6c3d915d7c78 79998 libs optional libsrtp0_1.4.4+20100615~dfsg-2+deb7u2_amd64.deb
 8f0614a6200614a7238ea4315b733766 366576 libs optional srtp-utils_1.4.4+20100615~dfsg-2+deb7u2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 29 Jun 2016 07:34:00 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:02:28 2019; Machine Name: buxtehude
