diff -u sofia-sip-1.12.11+20110422.1/debian/changelog sofia-sip-1.12.11+20110422.1/debian/changelog
--- sofia-sip-1.12.11+20110422.1/debian/changelog
+++ sofia-sip-1.12.11+20110422.1/debian/changelog
@@ -1,3 +1,14 @@
+sofia-sip (1.12.11+20110422.1-2.1+deb10u3ubuntu0.22.04.2) jammy-security; urgency=medium
+
+ * SECURITY UPDATE: heap-over-flow and integer-overflow issues when handling
+ STUN packets
+ - libsofia-sip-ua/stun/stun_common.c: additional attribute length checks
+ implemented before accessing attributes.
+ - c3bbc50c88d168065de34ca01b9b1d98c1b0e810
+ - CVE-2023-32307
+
+ -- Evan Caville Thu, 05 Oct 2023 10:30:40 +1000
+
 sofia-sip (1.12.11+20110422.1-2.1+deb10u3ubuntu0.22.04.1) jammy-security; urgency=medium
 
 * fake sync from Debian
diff -u sofia-sip-1.12.11+20110422.1/libsofia-sip-ua/stun/stun_common.c sofia-sip-1.12.11+20110422.1/libsofia-sip-ua/stun/stun_common.c
--- sofia-sip-1.12.11+20110422.1/libsofia-sip-ua/stun/stun_common.c
+++ sofia-sip-1.12.11+20110422.1/libsofia-sip-ua/stun/stun_common.c
@@ -250,6 +250,10 @@
 uint32_t tmp;
 stun_attr_errorcode_t *error;
 
+ if (len < 4) {
+ return -1;
+ }
+
 memcpy(&tmp, p, sizeof(uint32_t));
 tmp = ntohl(tmp);
 error = (stun_attr_errorcode_t *) malloc(sizeof(*error));
@@ -271,6 +275,11 @@
 {
 uint32_t tmp;
 stun_attr_changerequest_t *cr;
+
+ if (len < 4) {
+ return -1;
+ }
+
 cr = (stun_attr_changerequest_t *) malloc(sizeof(*cr));
 memcpy(&tmp, p, sizeof(uint32_t));
 cr->value = ntohl(tmp);
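Review bot: The new guard compares `len` with a bare `4` while the read it protects is `memcpy(&tmp, p, sizeof(uint32_t))`, so the bound and the read size agree only by convention. Assuming `len` is an unsigned type (its declaration is outside the hunk), `if (len < sizeof(uint32_t)) {` would keep the two in step; the guard added in the hunk at -271 uses the same literal. A short comment above the check, such as `/* the attribute value must hold the 32-bit word read below */`, would record why the early return exists. The enclosing function starts and ends outside this hunk, so neither the callers' handling of the new `-1` nor a check of the `malloc` result on the last visible line can be confirmed from here.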
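Review bot: The allocation result is still dereferenced unchecked. `cr = (stun_attr_changerequest_t *) malloc(sizeof(*cr));` is followed two lines later by `cr->value = ntohl(tmp);` with no NULL test between them, so an allocation failure while parsing a network-supplied attribute becomes a NULL dereference. Adding `if (cr == NULL) return -1;` directly after the `malloc` line would make that path fail the same way as the new length check. The function's signature and the rest of its body are outside the hunk, so later uses of `cr` could not be reviewed here.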