[Home]

Summary:ASTERISK-30338: pjproject: Backport security fixes from 2.13
Reporter:Benjamin Keith Ford (bford)Labels:security
Date Opened:2022-12-01 10:50:19.000-0600Date Closed:2022-12-06 06:47:32.000-0600
Priority:BlockerRegression?
Status:Closed/CompleteComponents:pjproject/pjsip
Versions:16.29.0 18.15.0 19.7.0 20.0.0 Frequency of
Occurrence
Related
Issues:
Environment:Attachments:
Description:pjproject released 2.13, which contains some security fixes. Let's backport the ones that apply to us until upgrading to 2.13.

Changes:
https://github.com/pjsip/pjproject/security/advisories/GHSA-fq45-m3f7-3mhj
https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj
Comments:By: Asterisk Team (asteriskteam) 2022-12-01 10:50:26.846-0600

This issue has been automatically restricted and set to a blocker due to being a security type issue. If this is not a security vulnerability issue it will be moved to the appropriate issue type when triaged.

Please DO NOT put a code review up for this change at this time. Attach any applicable patches to this issue.

By: Friendly Automation (friendly-automation) 2022-12-01 11:53:14.355-0600

Change 19636 merged by Benjamin Keith Ford:
pjproject: 2.13 security fixes

[https://gerrit.asterisk.org/c/asterisk/+/19636|https://gerrit.asterisk.org/c/asterisk/+/19636]

By: Friendly Automation (friendly-automation) 2022-12-01 11:53:26.723-0600

Change 19637 merged by Benjamin Keith Ford:
pjproject: 2.13 security fixes

[https://gerrit.asterisk.org/c/asterisk/+/19637|https://gerrit.asterisk.org/c/asterisk/+/19637]

By: Friendly Automation (friendly-automation) 2022-12-01 11:53:41.440-0600

Change 19618 merged by Benjamin Keith Ford:
pjproject: 2.13 security fixes

[https://gerrit.asterisk.org/c/asterisk/+/19618|https://gerrit.asterisk.org/c/asterisk/+/19618]

By: Friendly Automation (friendly-automation) 2022-12-01 11:53:49.269-0600

Change 19638 merged by Benjamin Keith Ford:
pjproject: 2.13 security fixes

[https://gerrit.asterisk.org/c/asterisk/+/19638|https://gerrit.asterisk.org/c/asterisk/+/19638]

By: Friendly Automation (friendly-automation) 2022-12-01 11:53:57.600-0600

Change 19639 merged by Benjamin Keith Ford:
pjproject: 2.13 security fixes

[https://gerrit.asterisk.org/c/asterisk/+/19639|https://gerrit.asterisk.org/c/asterisk/+/19639]

By: Asterisk Team (asteriskteam) 2022-12-01 15:54:19.080-0600

This issue has been reopened as a result of your commenting on it as the reporter. It will be triaged once again as applicable.

By: Friendly Automation (friendly-automation) 2022-12-03 10:26:11.869-0600

Change 19619 merged by Friendly Automation:
pjproject: 2.13 security fixes

[https://gerrit.asterisk.org/c/asterisk/+/19619|https://gerrit.asterisk.org/c/asterisk/+/19619]

By: Friendly Automation (friendly-automation) 2022-12-03 10:26:14.942-0600

Change 19643 merged by Friendly Automation:
pjproject: 2.13 security fixes

[https://gerrit.asterisk.org/c/asterisk/+/19643|https://gerrit.asterisk.org/c/asterisk/+/19643]

By: Friendly Automation (friendly-automation) 2022-12-03 10:26:52.441-0600

Change 19648 merged by Friendly Automation:
pjproject: 2.13 security fixes

[https://gerrit.asterisk.org/c/asterisk/+/19648|https://gerrit.asterisk.org/c/asterisk/+/19648]

By: Friendly Automation (friendly-automation) 2022-12-03 10:27:02.063-0600

Change 19652 merged by Friendly Automation:
pjproject: 2.13 security fixes

[https://gerrit.asterisk.org/c/asterisk/+/19652|https://gerrit.asterisk.org/c/asterisk/+/19652]

By: Friendly Automation (friendly-automation) 2022-12-03 10:27:08.410-0600

Change 19649 merged by Friendly Automation:
pjproject: 2.13 security fixes

[https://gerrit.asterisk.org/c/asterisk/+/19649|https://gerrit.asterisk.org/c/asterisk/+/19649]