< Previous by Date Date Index Next by Date >
< Previous in Thread Thread Index Next in Thread >

Re: [reSIProcate] [CVE-2018-12584] Heap overflow vulnerability in resiprocate through 1.10.2

Hi Diego,

A new release has not yet been created.  You will need to manually pull from Git to get this change.  I'm hoping Daniel Pocock will be able to drive a new release soon.


On Tue, Aug 21, 2018 at 7:46 AM Diego Carvalho Domingos <ddomingos@xxxxxxxxxxxxxxx> wrote:

Hi, thanks for the info. I have one question, though. Which version should I update to?
The latest version in the downloads page (https://www.resiprocate.org/files/pub/reSIProcate/releases/) is 1.10.2 and in git’s releases page (https://github.com/resiprocate/resiprocate/releases) there are only alpha and beta releases after 1.10.2. So, is there a stable release after 1.10.2? Thanks


From: Joachim De Zutter <dezutterjoachim@xxxxxxxxx>
Sent: Monday, August 20, 2018 5:27 AM
To: repro-users@xxxxxxxxxxxxxxx; resiprocate-devel@xxxxxxxxxxxxxxx
Subject: [reSIProcate] [CVE-2018-12584] Heap overflow vulnerability in resiprocate through 1.10.2


A heap overflow vulnerability which might lead to a DoS or remote code execution in client and server software using the reSIProcate sip stack has been found. (CVE-2018-12584)

Full advisory: 

The issue has been fixed since this commit:


Please update your software if you haven't done so already.

resiprocate-devel mailing list