Debian 10260 Published by

A pjproject security update has been released for Debian GNU/Linux 9 Extended LTS to address a stack buffer overflow vulnerability.



ELA-645-1 pjproject security update

Package pjproject
Version 2.5.5~dfsg-6+deb9u6 (stretch)
Related CVEs CVE-2022-31031

There was a stack buffer overflow vulnerability in pjproject, a multimedia communication library used in various VOIP frameworks. pjproject now maintains a maximum attribute count to prevent this from happening.

For Debian 9 stretch, these problems have been fixed in version 2.5.5~dfsg-6+deb9u6.

We recommend that you upgrade your pjproject packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-645-1 pjproject security update