Your message dated Wed, 16 Dec 2009 23:32:30 +0000
with message-id <e1nl3m6-0008ly...@ries.debian.org>
and subject line Bug#559103: fixed in asterisk 1:1.4.21.2~dfsg-3+lenny1
has caused the Debian Bug report #559103,
regarding CVE-2009-4055: RTP Remote Crash Vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
559103: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559103
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: asterisk
Severity: grave
Tags: security
http://downloads.asterisk.org/pub/security/AST-2009-010.html
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.31-1-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages asterisk depends on:
ii adduser 3.111 add and remove users and groups
pn asterisk-config | aste <none> (no description available)
pn asterisk-sounds-main <none> (no description available)
ii libasound2 1.0.21a-1 shared library for ALSA applicatio
pn libc-client2007b <none> (no description available)
ii libc6 2.10.1-7 GNU C Library: Shared libraries
pn libcap1 <none> (no description available)
ii libcurl3 7.19.7-1 Multi-protocol file transfer libra
ii libgcc1 1:4.4.2-3 GCC support library
ii libgsm1 1.0.13-3 Shared libraries for GSM speech co
pn libiksemel3 <none> (no description available)
ii libncurses5 5.7+20090803-2 shared libraries for terminal hand
ii libnewt0.52 0.52.10-4.1 Not Erik's Windowing Toolkit - tex
ii libogg0 1.1.4~dfsg-1 Ogg bitstream library
ii libpopt0 1.15-1 lib for parsing cmdline parameters
ii libpq5 8.4.1-1 PostgreSQL C client library
pn libpri1.0 <none> (no description available)
pn libradiusclient-ng2 <none> (no description available)
pn libsnmp15 <none> (no description available)
ii libspeex1 1.2~rc1-1 The Speex codec runtime library
pn libspeexdsp1 <none> (no description available)
pn libsqlite0 <none> (no description available)
ii libssl0.9.8 0.9.8k-6 SSL shared libraries
ii libstdc++6 4.4.2-3 The GNU Standard C++ Library v3
pn libtonezone1 <none> (no description available)
ii libvorbis0a 1.2.3-3 The Vorbis General Audio Compressi
ii libvorbisenc2 1.2.3-3 The Vorbis General Audio Compressi
pn libvpb0 <none> (no description available)
pn unixodbc <none> (no description available)
ii zlib1g 1:1.2.3.3.dfsg-15 compression library - runtime
asterisk recommends no packages.
Versions of packages asterisk suggests:
pn asterisk-dev <none> (no description available)
pn asterisk-doc <none> (no description available)
pn asterisk-h323 <none> (no description available)
pn ekiga <none> (no description available)
pn kphone <none> (no description available)
pn ohphone <none> (no description available)
pn twinkle <none> (no description available)
--- End Message ---
--- Begin Message ---
Source: asterisk
Source-Version: 1:1.4.21.2~dfsg-3+lenny1
We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:
asterisk-config_1.4.21.2~dfsg-3+lenny1_all.deb
to main/a/asterisk/asterisk-config_1.4.21.2~dfsg-3+lenny1_all.deb
asterisk-dbg_1.4.21.2~dfsg-3+lenny1_i386.deb
to main/a/asterisk/asterisk-dbg_1.4.21.2~dfsg-3+lenny1_i386.deb
asterisk-dev_1.4.21.2~dfsg-3+lenny1_all.deb
to main/a/asterisk/asterisk-dev_1.4.21.2~dfsg-3+lenny1_all.deb
asterisk-doc_1.4.21.2~dfsg-3+lenny1_all.deb
to main/a/asterisk/asterisk-doc_1.4.21.2~dfsg-3+lenny1_all.deb
asterisk-h323_1.4.21.2~dfsg-3+lenny1_i386.deb
to main/a/asterisk/asterisk-h323_1.4.21.2~dfsg-3+lenny1_i386.deb
asterisk-sounds-main_1.4.21.2~dfsg-3+lenny1_all.deb
to main/a/asterisk/asterisk-sounds-main_1.4.21.2~dfsg-3+lenny1_all.deb
asterisk_1.4.21.2~dfsg-3+lenny1.diff.gz
to main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny1.diff.gz
asterisk_1.4.21.2~dfsg-3+lenny1.dsc
to main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny1.dsc
asterisk_1.4.21.2~dfsg-3+lenny1_i386.deb
to main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 559...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Faidon Liambotis <parav...@debian.org> (supplier of updated asterisk package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 14 Dec 2009 01:11:44 +0200
Source: asterisk
Binary: asterisk asterisk-h323 asterisk-doc asterisk-dev asterisk-dbg
asterisk-sounds-main asterisk-config
Architecture: source all i386
Version: 1:1.4.21.2~dfsg-3+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org>
Changed-By: Faidon Liambotis <parav...@debian.org>
Description:
asterisk - Open Source Private Branch Exchange (PBX)
asterisk-config - Configuration files for Asterisk
asterisk-dbg - Debugging symbols for Asterisk
asterisk-dev - Development files for Asterisk
asterisk-doc - Source code documentation for Asterisk
asterisk-h323 - H.323 protocol support for Asterisk
asterisk-sounds-main - Core Sound files for Asterisk (English)
Closes: 522528 554486 554487 559103
Changes:
asterisk (1:1.4.21.2~dfsg-3+lenny1) stable-security; urgency=high
.
  * Multiple security fixes:
    - "Information leak in IAX2 authentication", AST-2009-001, CVE-2009-0041.
    - "Remote Crash Vulnerability in SIP channel driver", AST-2009-002.
    - "SIP responses expose valid usernames", AST-2009-003, CVE-2008-3903.
      (Closes: #522528)
    - "SIP responses expose valid usernames", AST-2009-008, CVE-2009-3727.
      (Closes: #554487)
    - Stop shipping old static-http code in examples. Among other things, it
      includes a vulnerable version of the prototype Javascript library.
      AST-2009-009, CVE-2008-7220. (Closes: #554486)
    - "RTP Remote Crash Vulnerability", AST-2009-010, CVE-2009-4055.
      (Closes: #559103)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAksmj6cACgkQVty5d8XpUzMwHgCeKbMGyk0QDov48qlK09G5Fdzb
w2gAn2POsBO9cc4Dv+PrArwit8Is90D1
=M94m
-----END PGP SIGNATURE-----
--- End Message ---