Your message dated Mon, 25 Apr 2011 22:17:41 +0000
with message-id <e1qeu69-0006ht...@franck.debian.org>
and subject line Bug#618790: fixed in asterisk 1:1.8.3.3-1
has caused the Debian Bug report #618790,
regarding AST-2011-003: Resource exhaustion in Asterisk Manager Interface
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
618790: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618790
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: asterisk
Version: 1:1.6.2.9-2+squeeze2
Justification: AST-2011-003: Resource exhaustion in Asterisk Manager Interface
Severity: serious
Tags: security patch upstream
Rapidly opening manager connections, sending invalid data, and closing the
connection can cause Asterisk to exhaust available CPU and memory resources.
The manager interface is disabled by default in upstream, but enabled
by default (listening on localhost only) in the version in Debian 5.0 (Lenny)
and 6.0 (Squeeze).
See also http://downloads.asterisk.org/pub/security/AST-2011-003.html
Patches are available in SVN (branches 'squeeze' and 'lenny-security').
--
Tzafrir Cohen | tzaf...@jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzaf...@cohens.org.il | | best
tzaf...@debian.org | | friend
--
Tzafrir Cohen | tzaf...@jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzaf...@cohens.org.il | | best
tzaf...@debian.org | | friend
--- End Message ---
--- Begin Message ---
Source: asterisk
Source-Version: 1:1.8.3.3-1
We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:
asterisk-config_1.8.3.3-1_all.deb
to main/a/asterisk/asterisk-config_1.8.3.3-1_all.deb
asterisk-dahdi_1.8.3.3-1_amd64.deb
to main/a/asterisk/asterisk-dahdi_1.8.3.3-1_amd64.deb
asterisk-dbg_1.8.3.3-1_amd64.deb
to main/a/asterisk/asterisk-dbg_1.8.3.3-1_amd64.deb
asterisk-dev_1.8.3.3-1_all.deb
to main/a/asterisk/asterisk-dev_1.8.3.3-1_all.deb
asterisk-doc_1.8.3.3-1_all.deb
to main/a/asterisk/asterisk-doc_1.8.3.3-1_all.deb
asterisk-h323_1.8.3.3-1_amd64.deb
to main/a/asterisk/asterisk-h323_1.8.3.3-1_amd64.deb
asterisk-mobile_1.8.3.3-1_amd64.deb
to main/a/asterisk/asterisk-mobile_1.8.3.3-1_amd64.deb
asterisk-modules_1.8.3.3-1_amd64.deb
to main/a/asterisk/asterisk-modules_1.8.3.3-1_amd64.deb
asterisk-mp3_1.8.3.3-1_amd64.deb
to main/a/asterisk/asterisk-mp3_1.8.3.3-1_amd64.deb
asterisk-mysql_1.8.3.3-1_amd64.deb
to main/a/asterisk/asterisk-mysql_1.8.3.3-1_amd64.deb
asterisk-ooh323_1.8.3.3-1_amd64.deb
to main/a/asterisk/asterisk-ooh323_1.8.3.3-1_amd64.deb
asterisk-voicemail-imapstorage_1.8.3.3-1_amd64.deb
to main/a/asterisk/asterisk-voicemail-imapstorage_1.8.3.3-1_amd64.deb
asterisk-voicemail-odbcstorage_1.8.3.3-1_amd64.deb
to main/a/asterisk/asterisk-voicemail-odbcstorage_1.8.3.3-1_amd64.deb
asterisk-voicemail_1.8.3.3-1_amd64.deb
to main/a/asterisk/asterisk-voicemail_1.8.3.3-1_amd64.deb
asterisk_1.8.3.3-1.debian.tar.gz
to main/a/asterisk/asterisk_1.8.3.3-1.debian.tar.gz
asterisk_1.8.3.3-1.dsc
to main/a/asterisk/asterisk_1.8.3.3-1.dsc
asterisk_1.8.3.3-1_amd64.deb
to main/a/asterisk/asterisk_1.8.3.3-1_amd64.deb
asterisk_1.8.3.3.orig.tar.gz
to main/a/asterisk/asterisk_1.8.3.3.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 618...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tzafrir Cohen <tzaf...@debian.org> (supplier of updated asterisk package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 25 Apr 2011 21:46:51 +0300
Source: asterisk
Binary: asterisk asterisk-modules asterisk-h323 asterisk-dahdi
asterisk-voicemail asterisk-voicemail-imapstorage
asterisk-voicemail-odbcstorage asterisk-ooh323 asterisk-mp3 asterisk-mysql
asterisk-mobile asterisk-doc asterisk-dev asterisk-dbg asterisk-config
Architecture: source all amd64
Version: 1:1.8.3.3-1
Distribution: unstable
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org>
Changed-By: Tzafrir Cohen <tzaf...@debian.org>
Description:
asterisk - Open Source Private Branch Exchange (PBX)
asterisk-config - Configuration files for Asterisk
asterisk-dahdi - DAHDI devices support for the Asterisk PBX
asterisk-dbg - Debugging symbols for Asterisk
asterisk-dev - Development files for Asterisk
asterisk-doc - Source code documentation for Asterisk
asterisk-h323 - H.323 protocol support for the Asterisk PBX
asterisk-mobile - Bluetooth phone support for the Asterisk PBX
asterisk-modules - loadable modules for the Asterisk PBX
asterisk-mp3 - MP3 playback support for the Asterisk PBX (DUMMY)
asterisk-mysql - MySQL database protocol support for the Asterisk PBX
asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c
asterisk-voicemail - simple voicemail support for the Asterisk PBX
asterisk-voicemail-imapstorage - IMAP voicemail storage support for the
Asterisk PBX
asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the
Asterisk PBX
Closes: 531551 549054 590588 610487 614580 618790 618791 623775
Changes:
asterisk (1:1.8.3.3-1) unstable; urgency=high
.
[ Tzafrir Cohen ]
* Switching to branch 1.8
(Closes: #610487, #614580, #618790, #618791, #623775).
* Patch parser-mangles-include dropped: merged upstream.
* Patch dahdi-fxsks-hookstate dropped: merged upstream.
* Patch dahdi_ptmp_nt dropped: silly hack no longer needed.
* Patch dahdi_pri_debug_spannums dropped: merged upstream.
* Patch moh_datadir dropped: merged upstream.
* Patch settings_show_dirs dropped: merged upstream.
* Patch man_hyphen dropped: merged upstream.
* Patch typos dropped: merged upstream.
* Patch rtcp_cli_fix dropped: merged upstream.
* Sound files: version 1.4.20
* Separate sub-package asterisk-modules to avoid multiarch issues.
* Extra sub-package asterisk-dahdi for the dahdi modules (Closes: #590588).
* As of 1.8.1, AST.pdf and AST.txt are generated from the wiki.
- And thus no need for rubber at build time (Closes: #531551).
* Separate sub-packages for voicemail backends:
- asterisk-voicemail{,-{imap,odbc}storage}
- And rename the modules accordingly.
* asterisk-mysql, asterisk-mobile, asterisk-mp3, asterisk-ooh323:
- asterisk-addons was merged into Asterisk.
- Patch enable_addons: do build those modules.
- Also app_saycountpl, which will go into the mian package.
- Patch mpglib: mpglib from asterisk-addons, originally.
* Patch gmime-2.4: fixes building with gmime 2.4 (Closes: #549054).
- Requires re-generating configure script.
* Patch openssl10: Fix detection of openssl 1.0.
* Patch no_ssl2: Don't require client-side SSL2 support.
* include menuselect.makeopts in the docs directory - let us know what
modules were not built.
* Bump Standards version to 3.9.2.0 (no change needed).
* Upstream prefers chan_ooh323 to chan_h323. Suggest asterisk-ooh323.
* Drop asterisk-sounds-main: we already have that functionality the
asterisk-core-sounds packages.
* Recommend a moh (music-on-hold) package to have music played on hold.
.
[ Faidon Liambotis ]
* Switch to the "3.0 (quilt)" package source format.
.
[ Paul Belanger ]
* Depend on libneon27-dev and libical-dev for calendar support.
* Depend on libsrtp0-dev for SRTP support.
* When compiling with DEB_BUILD_OPTIONS="debug" enable native Asterisk
debugging tools. Specifically DONT_OPTIMIZE, DEBUG_THREADS and
--enable-dev-mode.
* Regardless of which asterisk-voicemail-* is installed (each package
conflicts on each other), the name of the module is now
app_voicemail.so.
* Fix a bug with app_voicemail-*.exports.in not being copied properly.
Checksums-Sha1:
79eeb272bbe58858858a209d2c4b1a8766f4ec1c 2395 asterisk_1.8.3.3-1.dsc
af9e76c2ef96467869947ca1b07214c2abb25687 26871276 asterisk_1.8.3.3.orig.tar.gz
8b73624f95692ee6941fd1f600d82ef81e1200a7 94516 asterisk_1.8.3.3-1.debian.tar.gz
3761d38dcd1e07ec3a3602764d719b7e2aaeac09 4130144 asterisk-doc_1.8.3.3-1_all.deb
b19ea198417b34e4202b283971eab6bddf680d14 773290 asterisk-dev_1.8.3.3-1_all.deb
9acfd8973449d9bea79228b57488429e5866a542 824252
asterisk-config_1.8.3.3-1_all.deb
69209628c2dcbc681601a46831083a6c9f93e6ff 1552706 asterisk_1.8.3.3-1_amd64.deb
b29d00cc22aff010f46d76a71e2f5db1ac5fe6bd 2616088
asterisk-modules_1.8.3.3-1_amd64.deb
086b308995de420810f05a4a63ae482337e3a670 599314
asterisk-h323_1.8.3.3-1_amd64.deb
fbec7d8b619cbf3fe8d77d8c60c05de997e1bc07 719964
asterisk-dahdi_1.8.3.3-1_amd64.deb
c5592dfc889f06545fa15689ae8947d104f06726 512328
asterisk-voicemail_1.8.3.3-1_amd64.deb
6bd94903a07e49cfc958c821d46a1bd0a516ca2e 527884
asterisk-voicemail-imapstorage_1.8.3.3-1_amd64.deb
67ec6f5bada0dfd4baee1b140794c53b3ea83a02 518440
asterisk-voicemail-odbcstorage_1.8.3.3-1_amd64.deb
88854c14a5459ed8a6682cacd9c859aebff38f35 853722
asterisk-ooh323_1.8.3.3-1_amd64.deb
093849e59d447f62a66017d621bc0cd2b6cb3b92 456404
asterisk-mp3_1.8.3.3-1_amd64.deb
43314a1d91a5725c377057811fa719b79a91386d 481508
asterisk-mysql_1.8.3.3-1_amd64.deb
99909077dc2c798ed8344cfee808217ee2a2c0d1 469840
asterisk-mobile_1.8.3.3-1_amd64.deb
d80fd31c794141ffc8a5c82c9294a84c9daeea87 28740422
asterisk-dbg_1.8.3.3-1_amd64.deb
Checksums-Sha256:
d5ce9a2db8ff97a5f83b66771fb11240e2af02df3effbfae00eed862c4667995 2395
asterisk_1.8.3.3-1.dsc
899399a5c5f089dc793d033f670f6c14e13447cf0830d9093d82873f4892da9b 26871276
asterisk_1.8.3.3.orig.tar.gz
b4c7e6bbbaa35e745f85b22e2a1ea88ba08c4537eef9b1b95a2e7eac75a98ad4 94516
asterisk_1.8.3.3-1.debian.tar.gz
a2f38933a2cc0ae638d2346c741b9f7cff433832662d9812d1ab56e0588d5c46 4130144
asterisk-doc_1.8.3.3-1_all.deb
62acbcaa0c08c644679aa1bac7474ab76c636f3fb3de3fbbe9b52faf27678ca9 773290
asterisk-dev_1.8.3.3-1_all.deb
358e61b5be735b3f2500eb6354dffae8fad0818021e771898ee90f019afb2e12 824252
asterisk-config_1.8.3.3-1_all.deb
40a2ca7c5dcebc10a3cf5e618d000535f0e7c0bdb536ca2255b510e03dfbe434 1552706
asterisk_1.8.3.3-1_amd64.deb
bf2492b3d1685d7fd41a4c6a30e9033bf1b0d8cea67aeaae073332f811c2dde7 2616088
asterisk-modules_1.8.3.3-1_amd64.deb
da018879fccabf90f0383c90b3707ea52c5e6a72d8e2a7f790c7e58d67eeab25 599314
asterisk-h323_1.8.3.3-1_amd64.deb
c0457a3f8562a5e74a0c5914cfc5ce04b8fdc5ec43ac9f0395b6312b605798a1 719964
asterisk-dahdi_1.8.3.3-1_amd64.deb
65f00a27ec5887a9574de96b83bb211b828e350e18e2c6687aaad23367b71b16 512328
asterisk-voicemail_1.8.3.3-1_amd64.deb
0eb920e51e5397e37a9d2d885005355dceac44fa9f872c819c182044bdc8a098 527884
asterisk-voicemail-imapstorage_1.8.3.3-1_amd64.deb
a595bda7a1b06d50a808d63ab84dfa228dc53666923509f6f10b3349525f2e41 518440
asterisk-voicemail-odbcstorage_1.8.3.3-1_amd64.deb
b284ea45bc4f44dec3803ea0d785cea3816f7dc7188d7cc520b78c1c76508207 853722
asterisk-ooh323_1.8.3.3-1_amd64.deb
21895d9f68222f97143cbac867d8f043e30e7968f4e03f597631aeecde34e50c 456404
asterisk-mp3_1.8.3.3-1_amd64.deb
dbe2ac8d85a17797677b11f06bd59c7d7fce4d10e335b4890b2ee0a98624301e 481508
asterisk-mysql_1.8.3.3-1_amd64.deb
d6abbd5803e6369fd9111700ecbaaa94ff72eebe77c1ef9208fda4905d6bf51c 469840
asterisk-mobile_1.8.3.3-1_amd64.deb
32ee81b6d86a7d800caf66bc1af8d0a55cefe43969e9b4e38ed0da120aa535c1 28740422
asterisk-dbg_1.8.3.3-1_amd64.deb
Files:
84eb91a51cb390c0386d728a70851b15 2395 comm optional asterisk_1.8.3.3-1.dsc
800684984c394ded3effe5096b579488 26871276 comm optional
asterisk_1.8.3.3.orig.tar.gz
e51bf412371719f18bead90843cde4f7 94516 comm optional
asterisk_1.8.3.3-1.debian.tar.gz
347f78f7ba1a117a8d3303e130c9ff9f 4130144 doc extra
asterisk-doc_1.8.3.3-1_all.deb
f0c9f58dbc89fbfa35a08959791eb50a 773290 devel extra
asterisk-dev_1.8.3.3-1_all.deb
d7a9e71bc91f8ce986e2bdde8a73d1b9 824252 comm optional
asterisk-config_1.8.3.3-1_all.deb
cfb20c6da6b8e962fc7d3d894dfaf9d6 1552706 comm optional
asterisk_1.8.3.3-1_amd64.deb
5c75515911372aa6768f006af4c19d9e 2616088 libs optional
asterisk-modules_1.8.3.3-1_amd64.deb
b768193ee56117b2ef505e9abac2aff9 599314 comm optional
asterisk-h323_1.8.3.3-1_amd64.deb
4b10215d5de55f9f8467d96408f0124e 719964 comm optional
asterisk-dahdi_1.8.3.3-1_amd64.deb
716afec6ba0271d3748b770b44f1be55 512328 comm optional
asterisk-voicemail_1.8.3.3-1_amd64.deb
c3fcf620cdb4743cc4bf3df653f1925b 527884 comm optional
asterisk-voicemail-imapstorage_1.8.3.3-1_amd64.deb
5bb8183ef427b9630375f37e588085ff 518440 comm optional
asterisk-voicemail-odbcstorage_1.8.3.3-1_amd64.deb
8c8aba2392b04800a83f1671b3271af3 853722 comm optional
asterisk-ooh323_1.8.3.3-1_amd64.deb
bed7f55515606a52369dac25fa6af2a2 456404 comm optional
asterisk-mp3_1.8.3.3-1_amd64.deb
adfe4a3ba5c1e43d45a54081965eaeb6 481508 comm optional
asterisk-mysql_1.8.3.3-1_amd64.deb
5d4b29e25c8b7b0a8708f3e459d5e372 469840 comm optional
asterisk-mobile_1.8.3.3-1_amd64.deb
6211b7007f0a7846d5052242ca853c7d 28740422 debug extra
asterisk-dbg_1.8.3.3-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk212rkACgkQxArWdkN9MotoPwCgycj0aV/SzfFxDJZk6HjolsE9
C9sAoINpM5VianTex8WamU9/ExLfI6ZA
=tMth
-----END PGP SIGNATURE-----
--- End Message ---
