package/libpjsip: security bump to version 2.14

Fix CVE-2023-38703: PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport that may introduce use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media transport other than UDP. This vulnerability’s impact may range from unexpected application termination to control flow hijack/memory corruption. The patch is available as a commit in the master branch. GHSA-f76w-fh7c-pc66 https://github.com/pjsip/pjproject/releases/tag/2.14 Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]> (cherry picked from commit 38c4aa2) Signed-off-by: Peter Korsgaard <[email protected]>
Relms12345 · Dec 3, 2023 · 0b3f844 · 0b3f844
1 parent 275d74b
commit 0b3f844
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/package/libpjsip/libpjsip.hash b/package/libpjsip/libpjsip.hash
@@ -1,3 +1,3 @@
 # Locally computed
-sha256  32a5ab5bfbb9752cb6a46627e4c410e61939c8dbbd833ac858473cfbd9fb9d7d  pjproject-2.13.1.tar.gz
+sha256  5805c1171acab4af9684d7ad096dcb92f71fc42809852144e97e1413468c9981  pjproject-2.14.tar.gz
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
diff --git a/package/libpjsip/libpjsip.mk b/package/libpjsip/libpjsip.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBPJSIP_VERSION = 2.13.1
+LIBPJSIP_VERSION = 2.14
 LIBPJSIP_SOURCE = pjproject-$(LIBPJSIP_VERSION).tar.gz
 LIBPJSIP_SITE = $(call github,pjsip,pjproject,$(LIBPJSIP_VERSION))