pjproject (2.1.0.0.ast20130823-1+deb8u1ubuntu0.1~esm1) xenial-security; urgency=medium

  * SECURITY UPDATE: buffer overflow when parsing ICE session credentials
    - debian/patches/CVE-2026-25994-1.patch: Validate credential lengths
      in pjnath/src/pjnath/ice_session.c.
    - debian/patches/CVE-2026-25994-2.patch: Fix wrong operator in ICE
      credential verification in pjnath/src/pjnath/ice_session.c.
    - CVE-2026-25994
  * SECURITY UPDATE: integer overflow when parsing SIP headers
    - debian/patches/CVE-2017-16872.patch: Add validity checking for numeric
      header values in pjlib/include/pj/compat/limits.h,
      pjlib/include/pj/compat/os_win32.h, pjlib/include/pj/limits.h,
      pjlib/include/pj/string.h, pjlib/include/pj/types.h,
      pjlib/src/pj/string.c, pjlib/src/pj/timer.c,
      pjsip/include/pjsip/sip_parser.h, pjsip/src/pjsip/sip_parser.c,
      pjsip/src/pjsip/sip_transaction.c, pjsip/src/pjsip/sip_transport.c.
    - debian/libpjsip2.symbols: Add symbols introduced by patch.
    - debian/libpj2.symbols: Add symbols introduced by patch.
    - CVE-2017-16872
  * SECURITY UPDATE: denial of service by double ioqueue key unregistration
    - debian/patches/CVE-2017-16875.patch: Avoid double ioqueue key
      unregistration in pjlib/src/pj/activesock.c,
      pjlib/src/pj/ioqueue_epoll.c, pjlib/src/pj/ioqueue_select.c.
    - CVE-2017-16875
  * SECURITY UPDATE: denial of service due to server crash
    - debian/patches/CVE-2018-1000098.patch: Fix crash when parsing SDP with
      an invalid media format description in pjmedia/src/pjmedia/sdp.c.
    - debian/patches/CVE-2018-1000099.patch: Fix crash when receiving SDP with
      invalid fmtp attribute in pjmedia/src/pjmedia/sdp.c.
    - debian/patches/CVE-2021-21375.patch: Prevent crash during SDP session
      negotiation in pjmedia/src/pjmedia/sdp_neg.c.
    - CVE-2018-1000098
    - CVE-2018-1000099
    - CVE-2021-21375
  * SECURITY UPDATE: insecure reuse of TLS connections
    - debian/patches/CVE-2020-15260-1.patch: Check hostname during TLS
      transport selection in pjsip/include/pjsip/sip_dialog.h,
      pjsip/src/pjsip/sip_dialog.c, pjsip/src/pjsip/sip_transport.c,
      pjsip/src/pjsip/sip_util.c.
    - debian/patches/CVE-2020-15260-2.patch: Fix secure transport
    checking in pjsip/src/pjsip/sip_transport.c.
    - CVE-2020-15260
  * SECURITY UPDATE: remote code execution due to integer underflow
    - debian/patches/CVE-2021-37706.patch: Fix integer underflow when parsing
      STUN packets in pjnath/src/pjnath/stun_msg.c.
    - CVE-2021-37706
  * SECURITY UPDATE: buffer overflow in PJSUA APIs
    - debian/patches/CVE-2021-43299_to_CVE-2021-43303.patch: Perform buffer
      length checks in pjmedia/include/pjmedia/wav_playlist.h,
      pjmedia/src/pjmedia/wav_playlist.c, pjsip/include/pjsua-lib/pjsua.h,
      pjsip/src/pjsua-lib/pjsua_aud.c, pjsip/src/pjsua-lib/pjsua_dump.c.
    - CVE-2021-43299
    - CVE-2021-43300
    - CVE-2021-43301
    - CVE-2021-43302
    - CVE-2021-43303

 -- Edwin Jiang <edwin.jiang@canonical.com>  Mon, 23 Mar 2026 12:09:56 -0400

pjproject (2.1.0.0.ast20130823-1+deb8u1build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 23 Aug 2017 08:36:27 -0400

pjproject (2.1.0.0.ast20130823-1+deb8u1) jessie-security; urgency=medium

  * CVE-2017-9359 CVE-2017-9372

 -- Moritz Muehlenhoff <jmm@debian.org>  Wed, 09 Aug 2017 23:04:04 +0200

pjproject (2.1.0.0.ast20130823-1) unstable; urgency=low

  [ Jeremy Lainé ]
  * Fix dh_auto_clean on an unconfigured source tree (Closes: #722013).
  * Fix syntax error in machine-readable debian/copyright.
  * Update Standards-Version to 3.9.4 (no changes).

  [ Tzafrir Cohen ]
  * Further copyright fixes.
  * New upstream git snapshot:
    pkgconfig_nodestdir.patch, soname.patch dropped: merged upstream.
  * fix_gcc_warn.patch: remove some build warnings.

 -- Tzafrir Cohen <tzafrir@debian.org>  Thu, 12 Sep 2013 16:53:51 +0300

pjproject (2.1.0~ast20130801-1) unstable; urgency=low

  * Initial release. (Closes: #708122)

 -- Tzafrir Cohen <tzafrir@debian.org>  Wed, 07 Aug 2013 22:20:07 +0300
