Your message dated Sun, 10 Jul 2011 19:55:19 +0000
with message-id <e1qg063-0002fz...@franck.debian.org>
and subject line Bug#631448: fixed in asterisk 1:1.6.2.9-2+squeeze3
has caused the Debian Bug report #631448,
regarding asterisk: AST-2011-010 (CVE-2011-2535) - crash due to using remote pointers
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
631448: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631448
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: asterisk
Version: 1:1.8.4.2-1
Severity: grave
Tags: security upstream patch
Justification: user security hole
A memory address was inadvertently transmitted over the network via IAX2
via an option control frame and the remote party would try to access it.
This applies only to version 1.8 in Wheezy/Sid and not to the versions in
Lenny and Squeeze. The advisory does apply to some newer versions of
Asterisk 1.4 and 1.6.2, but not to the older versions used in Lenny and
Squeeze, respectively.
For more information, see
http://downloads.asterisk.org/pub/security/AST-2011-010.html
--- End Message ---
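The bug class described in the report above, as an added illustration that is not Asterisk's code or the upstream patch: a receiver that treats a wire value as a local address, next to one that accepts only a bounds-checked table index. The 6-byte frame layout, the option id `7` and the `handles` table are constructed for this example and are not the IAX2 format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed wire format, NOT the IAX2 layout: 2-byte option id + 4-byte value. */
#define OPT_FRAME_LEN 6
#define MAX_HANDLES   4

struct opt_state { int enabled; };
struct opt_state handles[MAX_HANDLES];   /* receiver-owned objects */

/* Bug class from the report: the value is a sender address that the
 * receiver dereferences. Shown for contrast only; never called here. */
int recv_option_unsafe(const uint8_t *frame, size_t len) {
    uintptr_t addr = 0;
    if (len < 2 + sizeof addr) return -1;
    memcpy(&addr, frame + 2, sizeof addr);
    return ((struct opt_state *)addr)->enabled;  /* wild read, likely crash */
}

/* Sender puts a table index on the wire, in network byte order. */
void send_option(uint8_t frame[OPT_FRAME_LEN], uint16_t opt, uint32_t idx) {
    frame[0] = opt >> 8;  frame[1] = opt & 0xff;
    frame[2] = idx >> 24; frame[3] = (idx >> 16) & 0xff;
    frame[4] = (idx >> 8) & 0xff; frame[5] = idx & 0xff;
}

/* Receiver checks the length and the index range before touching memory. */
int recv_option_safe(const uint8_t *frame, size_t len, int *out) {
    if (!frame || !out || len != OPT_FRAME_LEN) return -1;
    uint32_t idx = ((uint32_t)frame[2] << 24) | ((uint32_t)frame[3] << 16) |
                   ((uint32_t)frame[4] << 8)  |  (uint32_t)frame[5];
    if (idx >= MAX_HANDLES) return -1;   /* an address-like value fails here */
    *out = handles[idx].enabled;
    return 0;
}

/* Constructed inputs: one valid index, one pointer-looking value. */
int demo_valid(void) {
    uint8_t f[OPT_FRAME_LEN]; int v = -1;
    handles[2].enabled = 1;
    send_option(f, 7, 2);
    return recv_option_safe(f, sizeof f, &v) == 0 ? v : -1;
}
int demo_hostile(void) {
    uint8_t f[OPT_FRAME_LEN]; int v = 0;
    send_option(f, 7, 0x7ffde3a0u);
    return recv_option_safe(f, sizeof f, &v);
}
```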
--- Begin Message ---
Source: asterisk
Source-Version: 1:1.6.2.9-2+squeeze3
We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:
asterisk-config_1.6.2.9-2+squeeze3_all.deb
  to main/a/asterisk/asterisk-config_1.6.2.9-2+squeeze3_all.deb
asterisk-dbg_1.6.2.9-2+squeeze3_amd64.deb
  to main/a/asterisk/asterisk-dbg_1.6.2.9-2+squeeze3_amd64.deb
asterisk-dev_1.6.2.9-2+squeeze3_all.deb
  to main/a/asterisk/asterisk-dev_1.6.2.9-2+squeeze3_all.deb
asterisk-doc_1.6.2.9-2+squeeze3_all.deb
  to main/a/asterisk/asterisk-doc_1.6.2.9-2+squeeze3_all.deb
asterisk-h323_1.6.2.9-2+squeeze3_amd64.deb
  to main/a/asterisk/asterisk-h323_1.6.2.9-2+squeeze3_amd64.deb
asterisk-sounds-main_1.6.2.9-2+squeeze3_all.deb
  to main/a/asterisk/asterisk-sounds-main_1.6.2.9-2+squeeze3_all.deb
asterisk_1.6.2.9-2+squeeze3.debian.tar.gz
  to main/a/asterisk/asterisk_1.6.2.9-2+squeeze3.debian.tar.gz
asterisk_1.6.2.9-2+squeeze3.dsc
  to main/a/asterisk/asterisk_1.6.2.9-2+squeeze3.dsc
asterisk_1.6.2.9-2+squeeze3_amd64.deb
  to main/a/asterisk/asterisk_1.6.2.9-2+squeeze3_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 631...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tzafrir Cohen <tzaf...@debian.org> (supplier of updated asterisk package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 01 Jul 2011 14:57:12 +0300
Source: asterisk
Binary: asterisk asterisk-h323 asterisk-doc asterisk-dev asterisk-dbg asterisk-sounds-main asterisk-config
Architecture: source all amd64
Version: 1:1.6.2.9-2+squeeze3
Distribution: stable-security
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org>
Changed-By: Tzafrir Cohen <tzaf...@debian.org>
Description:
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-h323 - H.323 protocol support for Asterisk
 asterisk-sounds-main - Core Sound files for Asterisk (English)
Closes: 631446 631448 632029
Changes:
 asterisk (1:1.6.2.9-2+squeeze3) stable-security; urgency=high
 .
   * Patch AST-2011-008 (CVE-2011-2529) - crash on a malformed SIP packet
     (Closes: 631446).
   * Patch AST-2011-010 (CVE-2011-2535): crash due to dereferencing a remote
     pointer (closes: #631448).
   * AST-2011-011 (CVE-2011-2536): Don't leak SIP username information
     (closes: #632029)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk4VdkAACgkQxArWdkN9MosdVQCfdFgX9/ImAoMtj9GNxAgM/t0h
SwEAoJL1FxazdBLh8qnTVP0WoEz0XuFV
=qyoo
-----END PGP SIGNATURE-----
--- End Message ---