Package: asterisk Version: 1:1.6.2.0~dfsg~beta3-1 Severity: serious Tags: security patch
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for asterisk. CVE-2009-2651[0]: | main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote | attackers to cause a denial of service (crash) via an RTP text frame | without a certain delimiter, which triggers a NULL pointer dereference | and the subsequent calculation of an invalid pointer. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2651 http://security-tracker.debian.net/tracker/CVE-2009-2651 http://downloads.asterisk.org/pub/security/AST-2009-004.html Patch: http://downloads.asterisk.org/pub/security/AST-2009-004-1.6.1.diff.txt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkp0A3oACgkQNxpp46476arl4ACdH0o5O/dZ4iQfOEEeMIWrKGVa zEMAnjHCiRqFue+b7dRArjbCINLwLTXJ =plQS -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
