coturn 4.5.1.3-1 source package in Ubuntu

Changelog

coturn (4.5.1.3-1) unstable; urgency=medium

  * [ec640a2] New upstream release (4.5.1.3)
    - Fixes CVE-2020-6061
      heap overflow vulnerability
      Crafted HTTP POST request can lead to information leaks
      and other misbehavior
    - Fixes CVE-2020-6062
      denial-of-service vulnerability
      Crafted HTTP POST request can lead to server crash and denial of service
    - Fixes CVE-2020-4067
      STUN response buffer not initialized
      One client (an attacker) could use their connection to intelligently
      query coturn server to get interesting bytes in the padding bytes from
      the connection of another client
    - Tidy, and remove compatibility layers
      * Remove turn_free_simple
      * Remove turn_malloc()
      * Remote turn_realloc()
      * Remote turn_free()
      * Remove turn_calloc()
      * Remove turn_strdup()
      * Remove SSL_NEW() and SSL_FREE()
      * Remove pointer debugging machinery
      * Remove ns_bzero(), ns_bcopy(), and ns_bcmp()
      * Remove [su]{08,16,32,64}bits type defines
    - Fix the webadmin ip permission add/delete sql injection
    - Fix mongo driver crash when invalid connection string is used
    - Change Diffie Hellman default key length from 1066 to 2066
    - New test Certificate and test CA
    - Fixes in packaging (rpm, docker)
  * [1af9910] Remove patch for CVE 2020 6061+6062
  * [82079ae] Update debehelper to debhelper-compat  and ver 13
  * [60997b6] Add Pre-Depends
  * [2830ed6] Add Rules-Requires-Root
  * [f648d45] Update metadata
  * [aca2929] Change Debian VoIP Team mailinglist
  * [f2f1398] exclude CA from examples and docs
  * [83c24b5] Add symlink turnutils_uclient > usr/bin/turnutils
  * [1f2cd31] migrate bin from turnserver to coturn, symlink

 -- Mészáros Mihály <email address hidden>  Sat, 27 Jun 2020 17:24:51 +0200