From 38c4aa2826ce31bd77140a55b5dca78eb28e53a5 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Fri, 1 Dec 2023 22:23:18 +0100 Subject: [PATCH] package/libpjsip: security bump to version 2.14 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix CVE-2023-38703: PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport that may introduce use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media transport other than UDP. This vulnerability’s impact may range from unexpected application termination to control flow hijack/memory corruption. The patch is available as a commit in the master branch. https://github.com/pjsip/pjproject/security/advisories/GHSA-f76w-fh7c-pc66 https://github.com/pjsip/pjproject/releases/tag/2.14 Signed-off-by: Fabrice Fontaine Signed-off-by: Peter Korsgaard --- package/libpjsip/libpjsip.hash | 2 +- package/libpjsip/libpjsip.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/libpjsip/libpjsip.hash b/package/libpjsip/libpjsip.hash index 2edd97bed4c8..d72e1090e3a2 100644 --- a/package/libpjsip/libpjsip.hash +++ b/package/libpjsip/libpjsip.hash @@ -1,3 +1,3 @@ # Locally computed -sha256 32a5ab5bfbb9752cb6a46627e4c410e61939c8dbbd833ac858473cfbd9fb9d7d pjproject-2.13.1.tar.gz +sha256 5805c1171acab4af9684d7ad096dcb92f71fc42809852144e97e1413468c9981 pjproject-2.14.tar.gz sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING diff --git a/package/libpjsip/libpjsip.mk b/package/libpjsip/libpjsip.mk index f97d547fd7bf..8169e0dceec4 100644 --- a/package/libpjsip/libpjsip.mk +++ b/package/libpjsip/libpjsip.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBPJSIP_VERSION = 2.13.1 +LIBPJSIP_VERSION = 2.14 LIBPJSIP_SOURCE = pjproject-$(LIBPJSIP_VERSION).tar.gz LIBPJSIP_SITE = $(call github,pjsip,pjproject,$(LIBPJSIP_VERSION))