Your message dated Tue, 26 Jul 2011 01:54:16 +0000
with message-id <e1qlwqe-0001q9...@franck.debian.org>
and subject line Bug#631448: fixed in asterisk 1:1.4.21.2~dfsg-3+lenny3
has caused the Debian Bug report #631448,
regarding asterisk: AST-2011-010 (CVE-2011-2535) - crash due to using remote pointers
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
631448: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631448
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: asterisk
Version: 1:1.8.4.2-1
Severity: grave
Tags: security upstream patch
Justification: user security hole

A memory address was inadvertently transmitted over the network via IAX2
via an option control frame and the remote party would try to access it.

This applies only to version 1.8 in Wheezy/Sid and not to the versions in
Lenny and Squeeze. The advisory does apply to some newer versions of
Asterisk 1.4 and 1.6.2, but not to the older versions used in Lenny and
Squeeze, respectively.

For more information, see
http://downloads.asterisk.org/pub/security/AST-2011-010.html



--- End Message ---
--- Begin Message ---
Source: asterisk
Source-Version: 1:1.4.21.2~dfsg-3+lenny3

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:

asterisk-config_1.4.21.2~dfsg-3+lenny3_all.deb
  to main/a/asterisk/asterisk-config_1.4.21.2~dfsg-3+lenny3_all.deb
asterisk-dbg_1.4.21.2~dfsg-3+lenny3_amd64.deb
  to main/a/asterisk/asterisk-dbg_1.4.21.2~dfsg-3+lenny3_amd64.deb
asterisk-dev_1.4.21.2~dfsg-3+lenny3_all.deb
  to main/a/asterisk/asterisk-dev_1.4.21.2~dfsg-3+lenny3_all.deb
asterisk-doc_1.4.21.2~dfsg-3+lenny3_all.deb
  to main/a/asterisk/asterisk-doc_1.4.21.2~dfsg-3+lenny3_all.deb
asterisk-h323_1.4.21.2~dfsg-3+lenny3_amd64.deb
  to main/a/asterisk/asterisk-h323_1.4.21.2~dfsg-3+lenny3_amd64.deb
asterisk-sounds-main_1.4.21.2~dfsg-3+lenny3_all.deb
  to main/a/asterisk/asterisk-sounds-main_1.4.21.2~dfsg-3+lenny3_all.deb
asterisk_1.4.21.2~dfsg-3+lenny3.diff.gz
  to main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny3.diff.gz
asterisk_1.4.21.2~dfsg-3+lenny3.dsc
  to main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny3.dsc
asterisk_1.4.21.2~dfsg-3+lenny3_amd64.deb
  to main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 631...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tzafrir Cohen <tzaf...@debian.org> (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 05 Jul 2011 00:08:08 +0300
Source: asterisk
Binary: asterisk asterisk-h323 asterisk-doc asterisk-dev asterisk-dbg asterisk-sounds-main asterisk-config
Architecture: source all amd64
Version: 1:1.4.21.2~dfsg-3+lenny3
Distribution: oldstable-security
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org>
Changed-By: Tzafrir Cohen <tzaf...@debian.org>
Description: 
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-h323 - H.323 protocol support for Asterisk
 asterisk-sounds-main - Core Sound files for Asterisk (English)
Closes: 631446 631448 632029
Changes: 
 asterisk (1:1.4.21.2~dfsg-3+lenny3) oldstable-security; urgency=high
 .
   * Patch AST-2011-008 (CVE-2011-2529) - crash on a malformed SIP packet
     (Closes: 631446).
   * AST-2011-010 (CVE-2011-2535): crash due to dereferencing a remote pointer
     (closes: #631448)
   * AST-2011-011 (CVE-2011-2536): Don't leak SIP username information
     (closes: #632029)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk4VcjAACgkQxArWdkN9MosUFwCcCxeZVPq9v9Ogf0xzKIRpjtOB
2osAoMvhUQ4C2tUYSks1j/cxEr2doA0L
=BjLs
-----END PGP SIGNATURE-----



--- End Message ---
