Package: asterisk Version: 1:1.8.4.2-1 Severity: grave Tags: security upstream patch Justification: user security hole
A remote user sending a SIP packet containing a Contact header with a missing left angle bracket (<) causes Asterisk to access a null pointer. This applies only to Asterisk 1.8 in Wheezy/Sid and not to the versions in Squeeze and in Lenny. For more information, see http://downloads.asterisk.org/pub/security/AST-2011-009.html -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
