Ubuntu
coturn package

Upstream release with security fixes - 4.5.1.2

Bug #1876274 reported by Ben
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
coturn (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Coturn 4.5.1.2 was released on 2020-05-01 with security fixes:
https://github.com/coturn/coturn/releases/tag/4.5.1.2

CVE References

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in coturn (Ubuntu):
status: New → Confirmed
Revision history for this message
Zachary Crockett (towynlin) wrote :

Additionally, high severity CVE-2020-4067 was fixed in 4.5.1.3 on June 29th:
https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm

Revision history for this message
Zachary Crockett (towynlin) wrote :

I see Groovy & Hirsute are already updated to 4.5.1.3. For me specifically, I've got a Focal server that needs the security patches from 4.5.1.1 to 4.5.1.3.

Revision history for this message
Zachary Crockett (towynlin) wrote :

Ah, but the changelog for the current focal version looks like 3 security patches including the one covering CVE-2020-4067 may have been backported to 4.5.1.1:
https://launchpad.net/ubuntu/+source/coturn/4.5.1.1-1.1ubuntu0.20.04.1

If that's true, then apologies for the noise, but someone who knows for certain should act on this issue, maybe just setting the status to Fix Released.

Logan Rosen (logan)
Changed in coturn (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.