Bug#651552: marked as done (CVE-2011-4598: DoS)

Mon, 26 Dec 2011 05:57:24 -0800 

Your message dated Mon, 26 Dec 2011 13:55:53 +0000
with message-id <e1rfb1t-0002oj...@franck.debian.org>
and subject line Bug#651552: fixed in asterisk 1:1.4.21.2~dfsg-3+lenny6
has caused the Debian Bug report #651552,
regarding CVE-2011-4598: DoS
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
651552: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651552
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: asterisk
Severity: grave
Tags: security

Please see http://downloads.asterisk.org/pub/security/AST-2011-014.html
This has been assigned CVE-2011-4598.

There's also http://downloads.asterisk.org/pub/security/AST-2011-013.html,
(CVE-2011-4597), which seems rather esoteric and can likely be ignored
for stable.

Cheers,
        Moritz

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---
--- Begin Message --- 
Source: asterisk
Source-Version: 1:1.4.21.2~dfsg-3+lenny6

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:

asterisk-config_1.4.21.2~dfsg-3+lenny6_all.deb
  to main/a/asterisk/asterisk-config_1.4.21.2~dfsg-3+lenny6_all.deb
asterisk-dbg_1.4.21.2~dfsg-3+lenny6_amd64.deb
  to main/a/asterisk/asterisk-dbg_1.4.21.2~dfsg-3+lenny6_amd64.deb
asterisk-dev_1.4.21.2~dfsg-3+lenny6_all.deb
  to main/a/asterisk/asterisk-dev_1.4.21.2~dfsg-3+lenny6_all.deb
asterisk-doc_1.4.21.2~dfsg-3+lenny6_all.deb
  to main/a/asterisk/asterisk-doc_1.4.21.2~dfsg-3+lenny6_all.deb
asterisk-h323_1.4.21.2~dfsg-3+lenny6_amd64.deb
  to main/a/asterisk/asterisk-h323_1.4.21.2~dfsg-3+lenny6_amd64.deb
asterisk-sounds-main_1.4.21.2~dfsg-3+lenny6_all.deb
  to main/a/asterisk/asterisk-sounds-main_1.4.21.2~dfsg-3+lenny6_all.deb
asterisk_1.4.21.2~dfsg-3+lenny6.diff.gz
  to main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny6.diff.gz
asterisk_1.4.21.2~dfsg-3+lenny6.dsc
  to main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny6.dsc
asterisk_1.4.21.2~dfsg-3+lenny6_amd64.deb
  to main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny6_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 651...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tzafrir Cohen <tzaf...@debian.org> (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 18 Dec 2011 22:12:00 +0200
Source: asterisk
Binary: asterisk asterisk-h323 asterisk-doc asterisk-dev asterisk-dbg 
asterisk-sounds-main asterisk-config
Architecture: source all amd64
Version: 1:1.4.21.2~dfsg-3+lenny6
Distribution: oldstable-security
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org>
Changed-By: Tzafrir Cohen <tzaf...@debian.org>
Description: 
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-h323 - H.323 protocol support for Asterisk
 asterisk-sounds-main - Core Sound files for Asterisk (English)
Closes: 651552
Changes: 
 asterisk (1:1.4.21.2~dfsg-3+lenny6) oldstable-security; urgency=high
 .
   * Patch AST-2011-013: potential remote information disclosure
     Closes: #651552 (CVE-2011-4597 The side issue. The DoS is
     inapplicable to Lenny).
     - The patch changeges the sample sip.conf . We change the sample
        config files, but not the files under /etc/asterisk .
Checksums-Sha1: 
 26a6bd291ea1b3cf0dd21e787cb5a413d6609124 1991 
asterisk_1.4.21.2~dfsg-3+lenny6.dsc
 daf9e3aa347d2aaebec3278e516e19fce50d0ad5 164896 
asterisk_1.4.21.2~dfsg-3+lenny6.diff.gz
 3552a482aefe1cbefc4d27778afe9b5b38798fbf 33065480 
asterisk-doc_1.4.21.2~dfsg-3+lenny6_all.deb
 b40ab3281999cac20aebe712da6d78140fe40fd4 429736 
asterisk-dev_1.4.21.2~dfsg-3+lenny6_all.deb
 0c97b30c6daaebdc46c1a3cb588384e3251398c6 1900274 
asterisk-sounds-main_1.4.21.2~dfsg-3+lenny6_all.deb
 391026beca1c811d7a4c6dc4b95377894a8c6492 485710 
asterisk-config_1.4.21.2~dfsg-3+lenny6_all.deb
 ccba574f44b0a6bb16a52a3f598d690cfa049387 2625156 
asterisk_1.4.21.2~dfsg-3+lenny6_amd64.deb
 4f8ad03de03345d082a310c728d4ab03aa7f1deb 398318 
asterisk-h323_1.4.21.2~dfsg-3+lenny6_amd64.deb
 61f1de49d38fa5b85b33d84b941d4a46b7bb3b6c 13154410 
asterisk-dbg_1.4.21.2~dfsg-3+lenny6_amd64.deb
Checksums-Sha256: 
 60f402246e21b9d5773acfcbef08de364f7f1362cd08d3f14734260cdf13841b 1991 
asterisk_1.4.21.2~dfsg-3+lenny6.dsc
 23e062ab4e90e7fd6775b011400c5df1372153c0bb961a6b262c00dc0cd62a11 164896 
asterisk_1.4.21.2~dfsg-3+lenny6.diff.gz
 8b403d5d51852091ad42a28b660823688329dec5ae2038073593494d96ada008 33065480 
asterisk-doc_1.4.21.2~dfsg-3+lenny6_all.deb
 3907d70c264379b36b8db1c0286a4c148de66a2a52421383db70339cc5f41cf2 429736 
asterisk-dev_1.4.21.2~dfsg-3+lenny6_all.deb
 5de6ed6cc043d18db9d8c87f3c65bf251af0b071ed5161206dfc918a7def938b 1900274 
asterisk-sounds-main_1.4.21.2~dfsg-3+lenny6_all.deb
 636587f8124ab39387b035b40510a2fe92221addf16c0b285eb97eaf243719d7 485710 
asterisk-config_1.4.21.2~dfsg-3+lenny6_all.deb
 97397e210078974e03c27a13a3b26c6e76c113d2d94f3583d4777339c79a6cd3 2625156 
asterisk_1.4.21.2~dfsg-3+lenny6_amd64.deb
 dfd0225c6dc6bd4f9d8a1835f5b7e249578633b8de805829b31943924e742a6b 398318 
asterisk-h323_1.4.21.2~dfsg-3+lenny6_amd64.deb
 79cfc2b0c7e8ea1cab93465b8185b0bfb3092d4392e5fdb68ff17566f0ccaffa 13154410 
asterisk-dbg_1.4.21.2~dfsg-3+lenny6_amd64.deb
Files: 
 aea3f19cf3a3cda76ef17b13ad2cf9a3 1991 comm optional 
asterisk_1.4.21.2~dfsg-3+lenny6.dsc
 558003ff9c25dfc36552174950353d2d 164896 comm optional 
asterisk_1.4.21.2~dfsg-3+lenny6.diff.gz
 0722f88fb1e225fb8f9c86169af81480 33065480 doc extra 
asterisk-doc_1.4.21.2~dfsg-3+lenny6_all.deb
 913f4b9b748211eac8e963b33fe17902 429736 devel extra 
asterisk-dev_1.4.21.2~dfsg-3+lenny6_all.deb
 9a43a82e62ca2eff565efe672ec841e2 1900274 comm optional 
asterisk-sounds-main_1.4.21.2~dfsg-3+lenny6_all.deb
 cd3f646e443a714ff8a5f79fb5c2d7da 485710 comm optional 
asterisk-config_1.4.21.2~dfsg-3+lenny6_all.deb
 3d913844a0326b9b012cb942054f6b80 2625156 comm optional 
asterisk_1.4.21.2~dfsg-3+lenny6_amd64.deb
 bfcad2fdf79970564e9e899ee95ff4fc 398318 comm optional 
asterisk-h323_1.4.21.2~dfsg-3+lenny6_amd64.deb
 61e570a39433c5d1720fae0034253ee9 13154410 devel extra 
asterisk-dbg_1.4.21.2~dfsg-3+lenny6_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk7uVLYACgkQxArWdkN9MovRkwCgkzk6Enl217JFwdVNY32YL2Sc
MvoAoJHgWL7iSO8ljjD07/WY6N4E+GhP
=OIzX
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to