reassign 484796 asterisk-ooh323c close 484796 1.4.7-1 thanks
Nico Golde wrote:
Package: asterisk-oh323 Severity: grave Tags: security
> CVE-2008-2543[0]:
| The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and | Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP | port that is intended solely for localhost communication, and | interprets some TCP application-data fields as addresses of memory to | free, which allows remote attackers to cause a denial of service | (daemon crash) via crafted TCP packets. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.
This is not for chan_oh323, it's for chan_ooh323(c). A fixed version was uploaded yesterday. Thanks, Faidon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
