Your message dated Mon, 19 Dec 2011 20:02:30 +0000
with message-id <e1rcjpq-00039m...@franck.debian.org>
and subject line Bug#651552: fixed in asterisk 1:1.6.2.9-2+squeeze4
has caused the Debian Bug report #651552,
regarding CVE-2011-4598: DoS
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
651552: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651552
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: asterisk
Severity: grave
Tags: security
Please see http://downloads.asterisk.org/pub/security/AST-2011-014.html
This has been assigned CVE-2011-4598.
There's also http://downloads.asterisk.org/pub/security/AST-2011-013.html,
(CVE-2011-4597), which seems rather esoteric and can likely be ignored
for stable.
Cheers,
Moritz
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: asterisk
Source-Version: 1:1.6.2.9-2+squeeze4
We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:
asterisk-config_1.6.2.9-2+squeeze4_all.deb
to main/a/asterisk/asterisk-config_1.6.2.9-2+squeeze4_all.deb
asterisk-dbg_1.6.2.9-2+squeeze4_amd64.deb
to main/a/asterisk/asterisk-dbg_1.6.2.9-2+squeeze4_amd64.deb
asterisk-dev_1.6.2.9-2+squeeze4_all.deb
to main/a/asterisk/asterisk-dev_1.6.2.9-2+squeeze4_all.deb
asterisk-doc_1.6.2.9-2+squeeze4_all.deb
to main/a/asterisk/asterisk-doc_1.6.2.9-2+squeeze4_all.deb
asterisk-h323_1.6.2.9-2+squeeze4_amd64.deb
to main/a/asterisk/asterisk-h323_1.6.2.9-2+squeeze4_amd64.deb
asterisk-sounds-main_1.6.2.9-2+squeeze4_all.deb
to main/a/asterisk/asterisk-sounds-main_1.6.2.9-2+squeeze4_all.deb
asterisk_1.6.2.9-2+squeeze4.debian.tar.gz
to main/a/asterisk/asterisk_1.6.2.9-2+squeeze4.debian.tar.gz
asterisk_1.6.2.9-2+squeeze4.dsc
to main/a/asterisk/asterisk_1.6.2.9-2+squeeze4.dsc
asterisk_1.6.2.9-2+squeeze4_amd64.deb
to main/a/asterisk/asterisk_1.6.2.9-2+squeeze4_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 651...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tzafrir Cohen <tzaf...@debian.org> (supplier of updated asterisk package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 18 Dec 2011 22:20:47 +0200
Source: asterisk
Binary: asterisk asterisk-h323 asterisk-doc asterisk-dev asterisk-dbg
asterisk-sounds-main asterisk-config
Architecture: source all amd64
Version: 1:1.6.2.9-2+squeeze4
Distribution: stable-security
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org>
Changed-By: Tzafrir Cohen <tzaf...@debian.org>
Description:
asterisk - Open Source Private Branch Exchange (PBX)
asterisk-config - Configuration files for Asterisk
asterisk-dbg - Debugging symbols for Asterisk
asterisk-dev - Development files for Asterisk
asterisk-doc - Source code documentation for Asterisk
asterisk-h323 - H.323 protocol support for Asterisk
asterisk-sounds-main - Core Sound files for Asterisk (English)
Closes: 630381 639821 651552
Changes:
asterisk (1:1.6.2.9-2+squeeze4) stable-security; urgency=high
.
[ Kilian Krause ]
* Fix sporadic segfault in chan_sip.so (Closes: #630381).
.
[ Tzafrir Cohen ]
* Patch fix_bridging_crash: segfault in bridging API (Closes: #639821).
* README.Debian: clarify datadir paths (regarding #628415).
* Patch AST-2011-014 (CVE-2011-4598) - Remote crash possibility with
SIP and the “automon” feature enabled Closes: #651552.
inapplicable to Lenny).
* Patch AST-2011-013 (CVE-2011-4597) : potential remote information
disclosure.
- The patch changes the sample sip.conf. We change the sample
config files, but not the files under /etc/asterisk .
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk7uVm0ACgkQxArWdkN9Mou0TQCgwAInyq1rGo94zXheC/OoQot0
+McAoJPlI8ydF6aI1tgEDaR/55Mipdcj
=TwRa
-----END PGP SIGNATURE-----
--- End Message ---