<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#ffffff" text="#000000">
<pre>This message was generated by the Security Alerts service ( Free Trial 14th of August - 14th of September )
<a class="moz-txt-link-freetext" href="http://www.opensips.org/Resources/AlertsMain">http://www.opensips.org/Resources/AlertsMain</a>
<b>
SVN commit</b>:
<a class="moz-txt-link-freetext" href="http://opensips.svn.sourceforge.net/viewvc/opensips?view=revision&revision=9165">http://opensips.svn.sourceforge.net/viewvc/opensips?view=revision&revision=9165</a>
<a class="moz-txt-link-freetext" href="http://opensips.svn.sourceforge.net/viewvc/opensips?view=revision&revision=9192">http://opensips.svn.sourceforge.net/viewvc/opensips?view=revision&revision=9192</a>
<b>Severity</b>: Low
<b>Version</b> : all
<b>Affected modules</b> : B2B_entities, pua and presence modules
<b>Effect</b> : Advertising the wrong IP:port in the contact hdr
<b>Affected scenarios</b>: While using the presence or B2B related modules, when OpenSIPS has to build the contact header for
generating new requests (acting as UAC!), it will ignore the eventual "advertised address / port" options configured for
the interfaces.
<b>Description:</b> Instead of checking if some "advertise" options are set for the interface, the contact header was all the
time built based on the real IP and PORT of the interface. Shortly, the "advertising" functionality (for interfaces) was
not working for these modules.
<b>Risks</b> : generate wrong Contact header (with wrong IP info, but valid as syntax).
<b>Update</b> :
- if you have an SVN checkout, 1.8 and trunk were fixed; so update to a revision later than 9192 (trunk) or
9193 (1.8 branch).
- if you have OpenSIPS from sources see the attached patch;
- if using tarballs, they were already regenerated (and include the fix). Available only for 1.8.
- If using the official Debian package (apt.opensips.org), they are also re-generated including the fix
(available for 1.8 and trunk).
</pre>
<pre class="moz-signature" cols="72">--
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
</body>
</html>