Your message dated Fri, 24 Jun 2011 15:17:42 +0000
with message-id <e1qa88c-0002si...@franck.debian.org>
and subject line Bug#631448: fixed in asterisk 1:1.8.4.3-1
has caused the Debian Bug report #631448,
regarding asterisk: AST-2011-010 (CVE-2011-2535) - crash due to using remote pointers
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
631448: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631448
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: asterisk
Version: 1:1.8.4.2-1
Severity: grave
Tags: security upstream patch
Justification: user security hole
A memory address was inadvertently transmitted over the network via IAX2
via an option control frame and the remote party would try to access it.
This applies only to version 1.8 in Wheezy/Sid and not to the versions in
Lenny and Squeeze. The advisory does apply to some newer versions of
Asterisk 1.4 and 1.6.2, but not to the older versions used in Lenny and
Squeeze, respectively.
For more information, see
http://downloads.asterisk.org/pub/security/AST-2011-010.html
--- End Message ---
--- Begin Message ---
Source: asterisk
Source-Version: 1:1.8.4.3-1
We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:
asterisk-config_1.8.4.3-1_all.deb
to main/a/asterisk/asterisk-config_1.8.4.3-1_all.deb
asterisk-dahdi_1.8.4.3-1_amd64.deb
to main/a/asterisk/asterisk-dahdi_1.8.4.3-1_amd64.deb
asterisk-dbg_1.8.4.3-1_amd64.deb
to main/a/asterisk/asterisk-dbg_1.8.4.3-1_amd64.deb
asterisk-dev_1.8.4.3-1_all.deb
to main/a/asterisk/asterisk-dev_1.8.4.3-1_all.deb
asterisk-doc_1.8.4.3-1_all.deb
to main/a/asterisk/asterisk-doc_1.8.4.3-1_all.deb
asterisk-h323_1.8.4.3-1_amd64.deb
to main/a/asterisk/asterisk-h323_1.8.4.3-1_amd64.deb
asterisk-mobile_1.8.4.3-1_amd64.deb
to main/a/asterisk/asterisk-mobile_1.8.4.3-1_amd64.deb
asterisk-modules_1.8.4.3-1_amd64.deb
to main/a/asterisk/asterisk-modules_1.8.4.3-1_amd64.deb
asterisk-mp3_1.8.4.3-1_amd64.deb
to main/a/asterisk/asterisk-mp3_1.8.4.3-1_amd64.deb
asterisk-mysql_1.8.4.3-1_amd64.deb
to main/a/asterisk/asterisk-mysql_1.8.4.3-1_amd64.deb
asterisk-ooh323_1.8.4.3-1_amd64.deb
to main/a/asterisk/asterisk-ooh323_1.8.4.3-1_amd64.deb
asterisk-voicemail-imapstorage_1.8.4.3-1_amd64.deb
to main/a/asterisk/asterisk-voicemail-imapstorage_1.8.4.3-1_amd64.deb
asterisk-voicemail-odbcstorage_1.8.4.3-1_amd64.deb
to main/a/asterisk/asterisk-voicemail-odbcstorage_1.8.4.3-1_amd64.deb
asterisk-voicemail_1.8.4.3-1_amd64.deb
to main/a/asterisk/asterisk-voicemail_1.8.4.3-1_amd64.deb
asterisk_1.8.4.3-1.debian.tar.gz
to main/a/asterisk/asterisk_1.8.4.3-1.debian.tar.gz
asterisk_1.8.4.3-1.dsc
to main/a/asterisk/asterisk_1.8.4.3-1.dsc
asterisk_1.8.4.3-1_amd64.deb
to main/a/asterisk/asterisk_1.8.4.3-1_amd64.deb
asterisk_1.8.4.3.orig.tar.gz
to main/a/asterisk/asterisk_1.8.4.3.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 631...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tzafrir Cohen <tzaf...@debian.org> (supplier of updated asterisk package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 24 Jun 2011 00:51:49 +0300
Source: asterisk
Binary: asterisk asterisk-modules asterisk-h323 asterisk-dahdi
asterisk-voicemail asterisk-voicemail-imapstorage
asterisk-voicemail-odbcstorage asterisk-ooh323 asterisk-mp3 asterisk-mysql
asterisk-mobile asterisk-doc asterisk-dev asterisk-dbg asterisk-config
Architecture: source all amd64
Version: 1:1.8.4.3-1
Distribution: unstable
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org>
Changed-By: Tzafrir Cohen <tzaf...@debian.org>
Description:
asterisk - Open Source Private Branch Exchange (PBX)
asterisk-config - Configuration files for Asterisk
asterisk-dahdi - DAHDI devices support for the Asterisk PBX
asterisk-dbg - Debugging symbols for Asterisk
asterisk-dev - Development files for Asterisk
asterisk-doc - Source code documentation for Asterisk
asterisk-h323 - H.323 protocol support for the Asterisk PBX
asterisk-mobile - Bluetooth phone support for the Asterisk PBX
asterisk-modules - loadable modules for the Asterisk PBX
asterisk-mp3 - MP3 playback support for the Asterisk PBX (DUMMY)
asterisk-mysql - MySQL database protocol support for the Asterisk PBX
asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c
asterisk-voicemail - simple voicemail support for the Asterisk PBX
asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
Closes: 631445 631446 631448
Changes:
asterisk (1:1.8.4.3-1) unstable; urgency=high
.
* New upstream point release, fixes 3 remotely-exploitable (of sort) bugs:
- AST-2011-008, CVE-2011-2529 (Closes: #631446)
- AST-2011-009 (Closes: #631445)
- AST-2011-010, CVE-2011-2535 (Closes: #631448)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk4Eo+MACgkQxArWdkN9MosFOACcCIIB9dG6cgEGtFTQfCnXdFCZ
fvgAoKhVh8tOlMif0CSTPLSQYoZBWTzN
=xiQ0
-----END PGP SIGNATURE-----
--- End Message ---