git: 651d4068e09a - main - security/vuxml: Document new pjsip vulnerability
Guido Falsi
madpilot at FreeBSD.org
Fri Jul 23 23:14:22 UTC 2021
The branch main has been updated by madpilot:
URL: https://cgit.FreeBSD.org/ports/commit/?id=651d4068e09a5a714a338e96271fa5c8e95f73b2
commit 651d4068e09a5a714a338e96271fa5c8e95f73b2
Author: Guido Falsi <madpilot at FreeBSD.org>
AuthorDate: 2021-07-23 23:13:37 +0000
Commit: Guido Falsi <madpilot at FreeBSD.org>
CommitDate: 2021-07-23 23:14:14 +0000
security/vuxml: Document new pjsip vulnerability
---
security/vuxml/vuln-2021.xml | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml
index b30aa2c107fd..f8bb8cf5a2b4 100644
--- a/security/vuxml/vuln-2021.xml
+++ b/security/vuxml/vuln-2021.xml
@@ -1,3 +1,33 @@
+ <vuln vid="92ad12b8-ec09-11eb-aef1-0897988a1c07">
+ <topic>pjsip -- Race condition in SSL socket server</topic>
+ <affects>
+ <package>
+ <name>pjsip</name>
+ <range><lt>2.11.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>pjsip reports:</p>
+ <blockquote cite="https://github.com/pjsip/pjproject/security/advisories">
+ <p>There are a couple of issues found in the SSL socket:</p>
+ <ul>
+ <li>A race condition between callback and destroy, due to the accepted socket having no group lock.</li>
+ <li>SSL socket parent/listener may get destroyed during handshake.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2021-32686</cvename>
+ <url>https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr</url>
+ </references>
+ <dates>
+ <discovery>2021-07-23</discovery>
+ <entry>2021-07-23</entry>
+ </dates>
+ </vuln>
+
<vuln vid="53fbffe6-ebf7-11eb-aef1-0897988a1c07">
<topic>asterisk -- pjproject/pjsip: crash when SSL socket destroyed during handshake</topic>
<affects>
More information about the dev-commits-ports-all
mailing list