Package: asterisk Severity: grave Tags: security patch Hi, the following advisory by the asterisk people was published for asterisk.
AST-2008-001[0]: | The handling of the BYE with Also transfer method was broken during the | development of Asterisk 1.4. If a transfer attempt is made using this method | the system will immediately crash upon handling the BYE message due to trying | to copy data into a NULL pointer. It is important to note that a dialog must | have already been established and up in order for this to happen. If you fix this vulnerability please also include the CVE id in your changelog entry. You can find a patch on: http://svn.digium.com/view/asterisk/branches/1.4/channels/chan_sip.c?view=patch&r1=95191&r2=95946&pathrev=95946 For further information: [0] http://downloads.digium.com/pub/security/AST-2008-001.html Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpsriIWiyoax.pgp
Description: PGP signature
