Overview

File _patchinfo of Package patchinfo.18347

<patchinfo incident="18347">
  <issue tracker="cve" id="2024-3119"/>
  <issue tracker="cve" id="2024-3120"/>
  <packager>mnhauke</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for sngrep</summary>
  <description>This update for sngrep fixes the following issues:

- Update to version 1.8.1
  * Fix CVE-2024-3119: sngrep: buffer overflow due to improper
    handling of 'Call-ID' and 'X-Call-ID' SIP headers.
  * Fix CVE-2024-3120: sngrep: stack-buffer overflow due to
    inadequate bounds checking when copying 'Content-Length' and
    'Warning' headers into fixed-size buffers.

- Update to versino 1.8.0
  * fix typo in message, thanks to lintian.
  * fix compiler warnings about unused variables.
  * Fixed a typo in comment line in filter.c
  * Redefine usage of POSIX signals.
  * Support for building sngrep using CMake added.

- Update to version 1.7.0
  * save: add option --text to save captured data to plain text
  * capture: fix memory overflows while parsing IP headers
  * hep: fix hep listener enabled in offline mode
  * core: stop sngrep when parent process has ended
  * ssl: fix decrypt with AES256 GCM SHA384 cipher
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places