| Name | CVE-2015-6360 |
| Description | The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-393-1, DSA-3539-1 |
| Debian Bugs | 807698 |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| srtp | source | experimental | 1.5.3~dfsg-1 | |||
| srtp | source | squeeze | 1.4.4~dfsg-6+deb6u2 | DLA-393-1 | ||
| srtp | source | wheezy | 1.4.4+20100615~dfsg-2+deb7u2 | DSA-3539-1 | ||
| srtp | source | jessie | 1.4.5~20130609~dfsg-1.1+deb8u1 | DSA-3539-1 | ||
| srtp | source | (unstable) | 1.4.5~20130609~dfsg-1.2 | 807698 |
Fix: https://github.com/cisco/libsrtp/commit/704a31774db0dd941094fd2b47c21638b8dc3de2
Fixup: https://github.com/cisco/libsrtp/commit/be95365fbb4788b688cab7af61c65b7989055fb4
Fixup: https://github.com/cisco/libsrtp/commit/be06686c8e98cc7bd934e10abb6f5e971d03f8ee
Fixup: https://github.com/cisco/libsrtp/commit/cdc69f2acde796a4152a250f869271298abc233f