ELA-645-1 pjproject security update

stack overflow vulnerability

2022-07-15
Packagepjproject
Version2.5.5~dfsg-6+deb9u6 (stretch)
Related CVEs CVE-2022-31031


There was a stack buffer overflow vulnerability in pjproject, a multimedia communication library used in various VOIP frameworks. pjproject now maintains a maximum attribute count to prevent this from happening.



For Debian 9 stretch, these problems have been fixed in version 2.5.5~dfsg-6+deb9u6.

We recommend that you upgrade your pjproject packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.