< Previous by Date | Date Index | Next by Date > |
< Previous in Thread | Thread Index | Next in Thread > |
Good catch, I agree. I'll fix it.Thanks!Sent from my iPhoneHi, only now I noticed that it was introduced an assert in the fix commit (https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608)
Shouldn’t it be resip_assert? Thanks.
Diego
From: Diego Carvalho Domingos
Sent: Tuesday, August 21, 2018 1:18 PM
To: 'Scott Godin' <sgodin@xxxxxxxxxxxxxxx>
Cc: Joachim De Zutter <dezutterjoachim@xxxxxxxxx>; repro-users <repro-users@xxxxxxxxxxxxxxx>; resiprocate-devel@xxxxxxxxxxxxxxx; Daniel Pocock <daniel@xxxxxxxxxx>
Subject: RE: [reSIProcate] [CVE-2018-12584] Heap overflow vulnerability in resiprocate through 1.10.2
Ok, Thanks Scott.
From: Scott Godin <sgodin@xxxxxxxxxxxxxxx>
Sent: Tuesday, August 21, 2018 1:09 PM
To: Diego Carvalho Domingos <ddomingos@xxxxxxxxxxxxxxx>
Cc: Joachim De Zutter <dezutterjoachim@xxxxxxxxx>; repro-users <repro-users@xxxxxxxxxxxxxxx>; resiprocate-devel@xxxxxxxxxxxxxxx; Daniel Pocock <daniel@xxxxxxxxxx>
Subject: Re: [reSIProcate] [CVE-2018-12584] Heap overflow vulnerability in resiprocate through 1.10.2
Hi Diego,
A new release has not yet been created. You will need to manually pull from Git to get this change. I'm hoping Daniel Pocock will be able to drive a new release soon.
Thanks,
Scott
On Tue, Aug 21, 2018 at 7:46 AM Diego Carvalho Domingos <ddomingos@xxxxxxxxxxxxxxx> wrote:
Hi, thanks for the info. I have one question, though. Which version should I update to?
The latest version in the downloads page (https://www.resiprocate.org/files/pub/reSIProcate/releases/) is 1.10.2 and in git’s releases page (https://github.com/resiprocate/resiprocate/releases) there are only alpha and beta releases after 1.10.2. So, is there a stable release after 1.10.2? Thanks
DiegoFrom: Joachim De Zutter <dezutterjoachim@xxxxxxxxx>
Sent: Monday, August 20, 2018 5:27 AM
To: repro-users@xxxxxxxxxxxxxxx; resiprocate-devel@xxxxxxxxxxxxxxx
Subject: [reSIProcate] [CVE-2018-12584] Heap overflow vulnerability in resiprocate through 1.10.2
A heap overflow vulnerability which might lead to a DoS or remote code execution in client and server software using the reSIProcate sip stack has been found. (CVE-2018-12584)
Full advisory: http://joachimdezutter.webredirect.org/advisory.html
The issue has been fixed since this commit:
https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608
Please update your software if you haven't done so already._______________________________________________
resiprocate-devel mailing list
resiprocate-devel@xxxxxxxxxxxxxxx
https://list.resiprocate.org/mailman/listinfo/resiprocate-devel_______________________________________________
resiprocate-devel mailing list
resiprocate-devel@xxxxxxxxxxxxxxx
https://list.resiprocate.org/mailman/listinfo/resiprocate-devel