Package: asterisk
Version: 1:1.6.2.9-2
Justification: user security hole
Severity: grave
Tags: security patch upstream

The Asterisk project has reported security advisory ASA-2011-011
http://downloads.asterisk.org/pub/security/AST-2011-001.html
(No CVE ATM)

"When forming an outgoing SIP request while in pedantic mode, a stack buffer can be made to overflow if supplied with carefully crafted caller ID information."

Caller ID information may be provided by remote users. The advisory details a potential workaround in the dialplan, but applying it varies greatly on different configurations.

Issue applies both to the Lenny and Squeeze packages.

For patches:
http://svn.debian.org/viewsvn/pkg-voip?view=rev&revision=8708 (Squeeze)
http://svn.debian.org/viewsvn/pkg-voip?view=rev&revision=8711 (Lenny)

--
Tzafrir Cohen         | tzaf...@jabber.org | VIM is
http://tzafrir.org.il |                    | a Mutt's
tzaf...@cohens.org.il |                    | best
tzaf...@debian.org    |                    | friend