Bug#559103: marked as done (CVE-2009-4055: RTP Remote Crash Vulnerability)

[Debian Bug Tracking System]

Your message dated Sun, 06 Dec 2009 18:50:09 +0000
with message-id <e1nhmbn-0006he...@ries.debian.org>
and subject line Bug#559103: fixed in asterisk 1:1.6.2.0~rc7-1
has caused the Debian Bug report #559103,
regarding CVE-2009-4055: RTP Remote Crash Vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
559103: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559103
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: asterisk
Severity: grave
Tags: security

http://downloads.asterisk.org/pub/security/AST-2009-010.html

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.31-1-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages asterisk depends on:
ii  adduser                3.111             add and remove users and groups
pn  asterisk-config | aste <none>            (no description available)
pn  asterisk-sounds-main   <none>            (no description available)
ii  libasound2             1.0.21a-1         shared library for ALSA applicatio
pn  libc-client2007b       <none>            (no description available)
ii  libc6                  2.10.1-7          GNU C Library: Shared libraries
pn  libcap1                <none>            (no description available)
ii  libcurl3               7.19.7-1          Multi-protocol file transfer libra
ii  libgcc1                1:4.4.2-3         GCC support library
ii  libgsm1                1.0.13-3          Shared libraries for GSM speech co
pn  libiksemel3            <none>            (no description available)
ii  libncurses5            5.7+20090803-2    shared libraries for terminal hand
ii  libnewt0.52            0.52.10-4.1       Not Erik's Windowing Toolkit - tex
ii  libogg0                1.1.4~dfsg-1      Ogg bitstream library
ii  libpopt0               1.15-1            lib for parsing cmdline parameters
ii  libpq5                 8.4.1-1           PostgreSQL C client library
pn  libpri1.0              <none>            (no description available)
pn  libradiusclient-ng2    <none>            (no description available)
pn  libsnmp15              <none>            (no description available)
ii  libspeex1              1.2~rc1-1         The Speex codec runtime library
pn  libspeexdsp1           <none>            (no description available)
pn  libsqlite0             <none>            (no description available)
ii  libssl0.9.8            0.9.8k-6          SSL shared libraries
ii  libstdc++6             4.4.2-3           The GNU Standard C++ Library v3
pn  libtonezone1           <none>            (no description available)
ii  libvorbis0a            1.2.3-3           The Vorbis General Audio Compressi
ii  libvorbisenc2          1.2.3-3           The Vorbis General Audio Compressi
pn  libvpb0                <none>            (no description available)
pn  unixodbc               <none>            (no description available)
ii  zlib1g                 1:1.2.3.3.dfsg-15 compression library - runtime

asterisk recommends no packages.

Versions of packages asterisk suggests:
pn  asterisk-dev                  <none>     (no description available)
pn  asterisk-doc                  <none>     (no description available)
pn  asterisk-h323                 <none>     (no description available)
pn  ekiga                         <none>     (no description available)
pn  kphone                        <none>     (no description available)
pn  ohphone                       <none>     (no description available)
pn  twinkle                       <none>     (no description available)

--- End Message ---

--- Begin Message ---

Source: asterisk
Source-Version: 1:1.6.2.0~rc7-1

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:

asterisk-config_1.6.2.0~rc7-1_all.deb
  to main/a/asterisk/asterisk-config_1.6.2.0~rc7-1_all.deb
asterisk-dbg_1.6.2.0~rc7-1_i386.deb
  to main/a/asterisk/asterisk-dbg_1.6.2.0~rc7-1_i386.deb
asterisk-dev_1.6.2.0~rc7-1_all.deb
  to main/a/asterisk/asterisk-dev_1.6.2.0~rc7-1_all.deb
asterisk-doc_1.6.2.0~rc7-1_all.deb
  to main/a/asterisk/asterisk-doc_1.6.2.0~rc7-1_all.deb
asterisk-h323_1.6.2.0~rc7-1_i386.deb
  to main/a/asterisk/asterisk-h323_1.6.2.0~rc7-1_i386.deb
asterisk-sounds-main_1.6.2.0~rc7-1_all.deb
  to main/a/asterisk/asterisk-sounds-main_1.6.2.0~rc7-1_all.deb
asterisk_1.6.2.0~rc7-1.debian.tar.gz
  to main/a/asterisk/asterisk_1.6.2.0~rc7-1.debian.tar.gz
asterisk_1.6.2.0~rc7-1.dsc
  to main/a/asterisk/asterisk_1.6.2.0~rc7-1.dsc
asterisk_1.6.2.0~rc7-1_i386.deb
  to main/a/asterisk/asterisk_1.6.2.0~rc7-1_i386.deb
asterisk_1.6.2.0~rc7.orig.tar.gz
  to main/a/asterisk/asterisk_1.6.2.0~rc7.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 559...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tzafrir Cohen <tzafrir.co...@xorcom.com> (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 02 Dec 2009 20:47:02 +0200
Source: asterisk
Binary: asterisk asterisk-h323 asterisk-doc asterisk-dev asterisk-dbg 
asterisk-sounds-main asterisk-config
Architecture: source all i386
Version: 1:1.6.2.0~rc7-1
Distribution: unstable
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org>
Changed-By: Tzafrir Cohen <tzafrir.co...@xorcom.com>
Description: 
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-h323 - H.323 protocol support for Asterisk
 asterisk-sounds-main - Core Sound files for Asterisk (English)
Closes: 559103
Changes: 
 asterisk (1:1.6.2.0~rc7-1) unstable; urgency=high
 .
   * New upstream release candidate.
     - Fixes RTP comfort noise issues: CVE-2009-4055 (Closes: #559103).
Checksums-Sha1: 
 b46a07048b142ba09a4e95fba4a3f13a00222e9a 2120 asterisk_1.6.2.0~rc7-1.dsc
 827b99a42b9ec1efacc9eeee428530be7dec56fa 23088807 
asterisk_1.6.2.0~rc7.orig.tar.gz
 b7187149046c974ea6b353d37e2712e48afa1721 57764 
asterisk_1.6.2.0~rc7-1.debian.tar.gz
 1e7adfd298f5d44744782533408b9853f984e1a9 1586156 
asterisk-doc_1.6.2.0~rc7-1_all.deb
 e27338cf0baf0b62a02b480222ff6a9a0a6336a1 571222 
asterisk-dev_1.6.2.0~rc7-1_all.deb
 3a7b40af90978187397e54fdc3a4e3dad059cdea 17416324 
asterisk-sounds-main_1.6.2.0~rc7-1_all.deb
 9be3cb63f7aa2ef81e795ab083c2bff45af80034 643060 
asterisk-config_1.6.2.0~rc7-1_all.deb
 c1414662ac56549962bd8db64322ade22f1451d1 3380354 
asterisk_1.6.2.0~rc7-1_i386.deb
 b7666a4932acc6793c6421d6b34b373d023efc56 466798 
asterisk-h323_1.6.2.0~rc7-1_i386.deb
 2f8ffc734e0756e794840afdf437f016fab41565 21080796 
asterisk-dbg_1.6.2.0~rc7-1_i386.deb
Checksums-Sha256: 
 125d1b49286c1e1b859f8012149d21ae5198bcc6db841b78b405c22b0fd0e06e 2120 
asterisk_1.6.2.0~rc7-1.dsc
 979b658c20de5c4cedf4990303783f74073d3c961bb012718503a2ded7e71890 23088807 
asterisk_1.6.2.0~rc7.orig.tar.gz
 b8a18cd86e6ed9ec50867fb1119ed956b6645ac6cbde73d90b2b82f79ebf3748 57764 
asterisk_1.6.2.0~rc7-1.debian.tar.gz
 a2e5fd2e61b7cd81282de06e9643dfa27dbc91e15d59b778f83189ce45b052a7 1586156 
asterisk-doc_1.6.2.0~rc7-1_all.deb
 24ae0d0b0fcdd5af077821b51ff6374856facb4de787cf79ba201d341e63bd1a 571222 
asterisk-dev_1.6.2.0~rc7-1_all.deb
 9cb6a58e2175a08a9d8e780167a548c632b3844d8a7c3b704d8331206a0c3908 17416324 
asterisk-sounds-main_1.6.2.0~rc7-1_all.deb
 1ebe23d13b057e58e2898c12ac8ff4621c8231707edaaf49f340f596ce306e90 643060 
asterisk-config_1.6.2.0~rc7-1_all.deb
 c7da9e01fcc8ba87f197cbe2596df87defed41a6732da58e1ea3bbe0ac5f4949 3380354 
asterisk_1.6.2.0~rc7-1_i386.deb
 cdb79fbd7b355072b613022e03f8382afbb810d6f92d3ce65baf582498c2c279 466798 
asterisk-h323_1.6.2.0~rc7-1_i386.deb
 882ddf952a26522b7c848af8b698d22c32b300f05b9d6044441b1544184eecc2 21080796 
asterisk-dbg_1.6.2.0~rc7-1_i386.deb
Files: 
 b54b68755905dfba9c38053320968c70 2120 comm optional asterisk_1.6.2.0~rc7-1.dsc
 67d90f1a7af5a3dcf5de9b342e7f21a9 23088807 comm optional 
asterisk_1.6.2.0~rc7.orig.tar.gz
 e4206688a8754077fa040bcfe9104fef 57764 comm optional 
asterisk_1.6.2.0~rc7-1.debian.tar.gz
 8b5c83110dfc1904dab11db82d7cbe6e 1586156 doc extra 
asterisk-doc_1.6.2.0~rc7-1_all.deb
 142bf95c5b38978c67db09935e169290 571222 devel extra 
asterisk-dev_1.6.2.0~rc7-1_all.deb
 6443d27cc3ceff6472a181399f926882 17416324 comm optional 
asterisk-sounds-main_1.6.2.0~rc7-1_all.deb
 ee4a648660ededa4141cbeaf9b1154de 643060 comm optional 
asterisk-config_1.6.2.0~rc7-1_all.deb
 1ee78320778fe9b017e9788a48647faf 3380354 comm optional 
asterisk_1.6.2.0~rc7-1_i386.deb
 b937d327e1213273d92fa7248dcf9927 466798 comm optional 
asterisk-h323_1.6.2.0~rc7-1_i386.deb
 eb4450d27c2fec5dfb08bdfe75aa6687 21080796 debug extra 
asterisk-dbg_1.6.2.0~rc7-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAksb8IIACgkQVty5d8XpUzNq4gCeJdPqLU4NKgC7s8bMt6CsjBTB
10wAnjpFt9ICL8/WX0GJM+LfC7YcYKsA
=P+q8
-----END PGP SIGNATURE-----

--- End Message ---