Created attachment 166711 [details] patch Testbuilds all fine, portlint all OK Changes: - Use BE byte ordering of RTCP trailer. - Allow zero length payload on unprotect. - Fix for CVE-2015-6360. - Pull request 103 - Makefile.in: Don't hard-code ar. - Pull request 99 - Various fixes for compiling with Visual Studio. - Pull request 98 - Do not duplicate shared library when installing. Please note that 2.0.0 was released recently.
A commit references this bug: Author: pi Date: Sun Feb 21 07:47:58 UTC 2016 New revision: 409268 URL: https://svnweb.freebsd.org/changeset/ports/409268 Log: net/libsrtp: 1.5.2 -> 1.5.4 Changes: - Fix for CVE-2015-6360. - Use BE byte ordering of RTCP trailer. - Allow zero length payload on unprotect. PR: 207003 MFH: 2016Q1 Approved by: alexander@brovikov.ru (maintainer timeout) Changes: head/net/libsrtp/Makefile head/net/libsrtp/distinfo
Apologies, I missed the creation date of this issue
Comment on attachment 166711 [details] patch Maintainer timeout (2+ weeks), implicit approval
MFH pending ports-secteam approval
A commit references this bug: Author: pi Date: Sun Feb 21 10:17:55 UTC 2016 New revision: 409276 URL: https://svnweb.freebsd.org/changeset/ports/409276 Log: net/libsrtp: 1.5.2 -> 1.5.4, fixes CVE-2015-6360 PR: 207003 MFH: r409268 Approved by: portmgr (miwi) Changes: branches/2016Q1/net/libsrtp/Makefile branches/2016Q1/net/libsrtp/distinfo
A commit references this bug: Author: junovitch Date: Sun Feb 21 14:55:48 UTC 2016 New revision: 409293 URL: https://svnweb.freebsd.org/changeset/ports/409293 Log: Document libsrtp DoS via crafted RTP header vulnerability PR: 207003 Reported by: pi Security: CVE-2015-6360 Security: https://vuxml.FreeBSD.org/freebsd/6171eb07-d8a9-11e5-b2bd-002590263bf5.html Changes: head/security/vuxml/vuln.xml