Fixes: CVE-2020-6061, CVE-2020-6062
An exploitable heap overflow vulnerability exists in the way CoTURN
4.5.1.1 web server parses POST requests. A specially crafted HTTP
POST request can lead to information leaks and other misbehavior.
An attacker needs to send an HTTPS request to trigger this vulnerability.
An exploitable denial-of-service vulnerability exists in the way
CoTURN 4.5.1.1 web server parses POST requests. A specially crafted
HTTP POST request can lead to server crash and denial of service.
An attacker needs to send an HTTP request to trigger this vulnerability.
Semi-automatic update. These checks were performed:
- built on NixOS
- ran `/nix/store/70pa0xb505v9glp792ldfq66ifjbrk5i-coturn-4.5.0.7/bin/turnserver -h` got 0 exit code
- ran `/nix/store/70pa0xb505v9glp792ldfq66ifjbrk5i-coturn-4.5.0.7/bin/turnserver -h` and found version 4.5.0.7
- ran `/nix/store/70pa0xb505v9glp792ldfq66ifjbrk5i-coturn-4.5.0.7/bin/turnadmin -h` got 0 exit code
- ran `/nix/store/70pa0xb505v9glp792ldfq66ifjbrk5i-coturn-4.5.0.7/bin/turnadmin --help` got 0 exit code
- ran `/nix/store/70pa0xb505v9glp792ldfq66ifjbrk5i-coturn-4.5.0.7/bin/turnutils_natdiscovery help` got 0 exit code
- found 4.5.0.7 with grep in /nix/store/70pa0xb505v9glp792ldfq66ifjbrk5i-coturn-4.5.0.7
- found 4.5.0.7 in filename of file in /nix/store/70pa0xb505v9glp792ldfq66ifjbrk5i-coturn-4.5.0.7
The old forms presumably predate, or were made in ignorance of,
`let inherit`. This way is better style as the scoping is more lexical,
something which Nix can (or might already!) take advantage of.