Summary: | ASTERISK-30338: pjproject: Backport security fixes from 2.13 | ||
Reporter: | Benjamin Keith Ford (bford) | Labels: | security |
Date Opened: | 2022-12-01 10:50:19.000-0600 | Date Closed: | 2022-12-06 06:47:32.000-0600 |
Priority: | Blocker | Regression? | |
Status: | Closed/Complete | Components: | pjproject/pjsip |
Versions: | 16.29.0 18.15.0 19.7.0 20.0.0 | Frequency of Occurrence | |
Related Issues: | |||
Environment: | Attachments: | ||
Description: | pjproject released 2.13, which contains some security fixes. Let's backport the ones that apply to us until upgrading to 2.13.
Changes: https://github.com/pjsip/pjproject/security/advisories/GHSA-fq45-m3f7-3mhj https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj | ||
Comments: | By: Asterisk Team (asteriskteam) 2022-12-01 10:50:26.846-0600 This issue has been automatically restricted and set to a blocker due to being a security type issue. If this is not a security vulnerability issue it will be moved to the appropriate issue type when triaged. Please DO NOT put a code review up for this change at this time. Attach any applicable patches to this issue. By: Friendly Automation (friendly-automation) 2022-12-01 11:53:14.355-0600 Change 19636 merged by Benjamin Keith Ford: pjproject: 2.13 security fixes [https://gerrit.asterisk.org/c/asterisk/+/19636|https://gerrit.asterisk.org/c/asterisk/+/19636] By: Friendly Automation (friendly-automation) 2022-12-01 11:53:26.723-0600 Change 19637 merged by Benjamin Keith Ford: pjproject: 2.13 security fixes [https://gerrit.asterisk.org/c/asterisk/+/19637|https://gerrit.asterisk.org/c/asterisk/+/19637] By: Friendly Automation (friendly-automation) 2022-12-01 11:53:41.440-0600 Change 19618 merged by Benjamin Keith Ford: pjproject: 2.13 security fixes [https://gerrit.asterisk.org/c/asterisk/+/19618|https://gerrit.asterisk.org/c/asterisk/+/19618] By: Friendly Automation (friendly-automation) 2022-12-01 11:53:49.269-0600 Change 19638 merged by Benjamin Keith Ford: pjproject: 2.13 security fixes [https://gerrit.asterisk.org/c/asterisk/+/19638|https://gerrit.asterisk.org/c/asterisk/+/19638] By: Friendly Automation (friendly-automation) 2022-12-01 11:53:57.600-0600 Change 19639 merged by Benjamin Keith Ford: pjproject: 2.13 security fixes [https://gerrit.asterisk.org/c/asterisk/+/19639|https://gerrit.asterisk.org/c/asterisk/+/19639] By: Asterisk Team (asteriskteam) 2022-12-01 15:54:19.080-0600 This issue has been reopened as a result of your commenting on it as the reporter. It will be triaged once again as applicable. By: Friendly Automation (friendly-automation) 2022-12-03 10:26:11.869-0600 Change 19619 merged by Friendly Automation: pjproject: 2.13 security fixes [https://gerrit.asterisk.org/c/asterisk/+/19619|https://gerrit.asterisk.org/c/asterisk/+/19619] By: Friendly Automation (friendly-automation) 2022-12-03 10:26:14.942-0600 Change 19643 merged by Friendly Automation: pjproject: 2.13 security fixes [https://gerrit.asterisk.org/c/asterisk/+/19643|https://gerrit.asterisk.org/c/asterisk/+/19643] By: Friendly Automation (friendly-automation) 2022-12-03 10:26:52.441-0600 Change 19648 merged by Friendly Automation: pjproject: 2.13 security fixes [https://gerrit.asterisk.org/c/asterisk/+/19648|https://gerrit.asterisk.org/c/asterisk/+/19648] By: Friendly Automation (friendly-automation) 2022-12-03 10:27:02.063-0600 Change 19652 merged by Friendly Automation: pjproject: 2.13 security fixes [https://gerrit.asterisk.org/c/asterisk/+/19652|https://gerrit.asterisk.org/c/asterisk/+/19652] By: Friendly Automation (friendly-automation) 2022-12-03 10:27:08.410-0600 Change 19649 merged by Friendly Automation: pjproject: 2.13 security fixes [https://gerrit.asterisk.org/c/asterisk/+/19649|https://gerrit.asterisk.org/c/asterisk/+/19649] |