A pjproject security update has been released for Debian GNU/Linux 9 Extended LTS to address a buffer overflow vulnerability.
ELA-710-1 pjproject security update
Package pjproject
ELA-710-1 pjproject security update
Version 2.5.5~dfsg-6+deb9u7 (stretch)
Related CVEs CVE-2022-39244
PJSIP is a free and open source multimedia communication library written in C. The PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affected by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk.
For Debian 9 stretch, these problems have been fixed in version 2.5.5~dfsg-6+deb9u7.
We recommend that you upgrade your pjproject packages.
Further information about Extended LTS security advisories can be found at: debian Extended Long term support
