Your message dated Thu, 29 Oct 2009 20:22:15 +0000
with message-id <e1n3bvf-0002aj...@ries.debian.org>
and subject line Bug#552756: fixed in asterisk 1:1.6.2.0~rc3-2
has caused the Debian Bug report #552756,
regarding AST-2009-007: SIP INVITE ACL bypass
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
552756: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552756
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: asterisk
Version: 1:1.6.2.0~dfsg~rc1-1
Severity: grave
Tags: security patch

Hi,

A vulnerability has been reported in asterisk that allows a device to make 
calls on networks intended to be prohibited as defined by the "deny" 
and "permit" lines in sip.conf.

The original advisory can be found at:
http://downloads.asterisk.org/pub/security/AST-2009-007.html

And the patch at:
http://downloads.asterisk.org/pub/security/AST-2009-007-1.6.1.diff.txt

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry, whenever one is assigned.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net



--- End Message ---
--- Begin Message ---
Source: asterisk
Source-Version: 1:1.6.2.0~rc3-2

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:

asterisk-config_1.6.2.0~rc3-2_all.deb
  to main/a/asterisk/asterisk-config_1.6.2.0~rc3-2_all.deb
asterisk-dbg_1.6.2.0~rc3-2_i386.deb
  to main/a/asterisk/asterisk-dbg_1.6.2.0~rc3-2_i386.deb
asterisk-dev_1.6.2.0~rc3-2_all.deb
  to main/a/asterisk/asterisk-dev_1.6.2.0~rc3-2_all.deb
asterisk-doc_1.6.2.0~rc3-2_all.deb
  to main/a/asterisk/asterisk-doc_1.6.2.0~rc3-2_all.deb
asterisk-h323_1.6.2.0~rc3-2_i386.deb
  to main/a/asterisk/asterisk-h323_1.6.2.0~rc3-2_i386.deb
asterisk-sounds-main_1.6.2.0~rc3-2_all.deb
  to main/a/asterisk/asterisk-sounds-main_1.6.2.0~rc3-2_all.deb
asterisk_1.6.2.0~rc3-2.diff.gz
  to main/a/asterisk/asterisk_1.6.2.0~rc3-2.diff.gz
asterisk_1.6.2.0~rc3-2.dsc
  to main/a/asterisk/asterisk_1.6.2.0~rc3-2.dsc
asterisk_1.6.2.0~rc3-2_i386.deb
  to main/a/asterisk/asterisk_1.6.2.0~rc3-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 552...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Faidon Liambotis <parav...@debian.org> (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 29 Oct 2009 21:38:55 +0200
Source: asterisk
Binary: asterisk asterisk-h323 asterisk-doc asterisk-dev asterisk-dbg asterisk-sounds-main asterisk-config
Architecture: source all i386
Version: 1:1.6.2.0~rc3-2
Distribution: unstable
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org>
Changed-By: Faidon Liambotis <parav...@debian.org>
Description: 
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-h323 - H.323 protocol support for Asterisk
 asterisk-sounds-main - Core Sound files for Asterisk (English)
Closes: 552604 552756
Changes: 
 asterisk (1:1.6.2.0~rc3-2) unstable; urgency=high
 .
   [ Faidon Liambotis ]
   * Really ship MoH sounds, as mentioned in the rc1 upload.
   * Move dahdi to Should-Start instead of Required-Start in the init script.
     (Closes: #552604)
   * Security fix: "ACL check not present for verifying SIP INVITEs",
     AST-2009-007. (Closes: #552756)
   * Urgency high because of security fix upload.
 .
   [ Tzafrir Cohen ]
   * Add a sample startup init script. Not installed.
   * Add mysql and postgresql to Should-Start/Stop: Asterisk may use them
     in real-time mode.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkrp8jgACgkQVty5d8XpUzN37wCeP8agg5SCIV/JY9EUj1kQE+SH
vqcAmwe1IaHWgHrYsEsq9q7zILl0LKol
=wJCK
-----END PGP SIGNATURE-----



--- End Message ---
