[SR-Users] Re: Three year old issue with a new CVE vulnerability report being reported

Sorry - for clarification, this issue is or is not fixed in Kamailio v5.6.4? Kaufman -----Original Message----- From: Olle E. Johansson <oej(a)edvina.net> Sent: Tuesday, March 28, 2023 9:47 AM To: sr-users(a)lists.kamailio.org Subject: [SR-Users] Three year old issue with a new CVE vulnerability report being reported CAUTION: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hi Kamailians! A new CVE with a critical severity level was published recently for an almost three year old bug, which was also fixed and released three years ago (CVE-2020-27507). The issue was fixed in Kamailio 5.4.2 and is not present in newer releases. The Kamailio project has unfortunately not been involved in the CVE process or been informed about this old issue being published at this time. We take vulnerability handling seriously and our process is documented at: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.kamai… The latest stable branch is 5.6, with v5.6.4 released out of it. Reference: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcve.mitre… Best regards and thanks for flying Kamailio! The Kamailio dev team through /Olle __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: