-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4170-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 09, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : pjproject CVE ID : CVE-2017-16872 CVE-2017-16875 CVE-2018-1000098 CVE-2018-1000099 Multiple vulnerabilities have been discovered in the PJSIP/PJProject multimedia communication which may result in denial of service during the processing of SIP and SDP messages and ioqueue keys. For the stable distribution (stretch), these problems have been fixed in version 2.5.5~dfsg-6+deb9u1. We recommend that you upgrade your pjproject packages. For the detailed security status of pjproject please refer to its security tracker page at: https://security-tracker.debian.org/tracker/pjproject Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlrL0/0ACgkQEMKTtsN8 Tjb24Q//Tf+mgNJCFCH34I3wEO59joHw6/pytj587BrFiC6tE91ueYf2gMvoFyGM 9t3o1XMKxox2AQdoDkLJ5AHRGWm2rfgpe0Udog/W9deAG/U6eISTs7roisB58O58 iQ32rHPCBUyqxvPC8fks3BXiBUDbNoRiYiXTpqzfN/Rj3T0s33HCeHgq/LJVM4f9 cbM70HlG3Nb6LRmtXkSUTOv0enblHy/Hi98YfO4xR02bY1bnQLePWPG2bcC0rpWs c9DxboRsh949yCH+5YK/4XiW1zX96SFlriX+uB6OiiWfzvdl/O5iUDa1Ccf8BorM lANbeMuhfpTYfMIKP2/MkDCUJpMqZQ53VTX0GYCD4QDd4olyNpvdXNzyg53GIeBW y1SAeF3J4ygURQQKbLARbStLGWEuW5f8b8lu9Cp1dtS/iwFlHFEUAB+m8jDqtI9k q4hDLgtaR3c9x+XNH63EgVrga7fHQ332sDfh4o6vItsfs1FjtPeM89kbq4Fh8PnE GJXFmggtuXpezhrgPrUnJwhzkbxRpd804ulY464izTJRTMIUvv7CcRH31Kn58DwC Mt8417Lgi0jEDMCEYCOZjXL62EOM84qTHpWHZ4sFsubIzf1DZY6mW7Yghz1LzqLm 7+k9DG+9etDaNvxrM5nkfaeMbpedVSymqikqC6a2/tP8xDBp38k= =wjk0 -----END PGP SIGNATURE-----