Your message dated Fri, 20 Jan 2012 15:32:39 +0000
with message-id <e1rogsf-0006df...@franck.debian.org>
and subject line Bug#656596: fixed in asterisk 1:1.8.8.2~dfsg-1
has caused the Debian Bug report #656596,
regarding asterisk: SRTP Video Remote Crash Vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
656596: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656596
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: asterisk
Version: 1:1.8.8.0~dfsg-1
Severity: grave
Tags: security patch upstream
Justification: causes non-serious data loss

http://downloads.asterisk.org/pub/security/AST-2012-001.html
(No CVE set yet, AFAIK)

An attacker attempting to negotiate a secure video stream can crash
Asterisk if video support has not been enabled and the res_srtp Asterisk
module is loaded.

I am not aware of any exploits for the issue. It requires the remote user
to be permitted to connect to the system but certain systems may also
allow guests.

No effect on the version in Squeeze, as Asterisk did not have SRTP
support before 1.8 and Squeeze uses 1.6.2.

-- 
Tzafrir Cohen         | tzaf...@jabber.org | VIM is
http://tzafrir.org.il |                    | a Mutt's
tzaf...@cohens.org.il |                    |  best
tzaf...@debian.org    |                    | friend



--- End Message ---
--- Begin Message ---
Source: asterisk
Source-Version: 1:1.8.8.2~dfsg-1

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:

asterisk-config_1.8.8.2~dfsg-1_all.deb
  to main/a/asterisk/asterisk-config_1.8.8.2~dfsg-1_all.deb
asterisk-dahdi_1.8.8.2~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-dahdi_1.8.8.2~dfsg-1_amd64.deb
asterisk-dbg_1.8.8.2~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-dbg_1.8.8.2~dfsg-1_amd64.deb
asterisk-dev_1.8.8.2~dfsg-1_all.deb
  to main/a/asterisk/asterisk-dev_1.8.8.2~dfsg-1_all.deb
asterisk-doc_1.8.8.2~dfsg-1_all.deb
  to main/a/asterisk/asterisk-doc_1.8.8.2~dfsg-1_all.deb
asterisk-mobile_1.8.8.2~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-mobile_1.8.8.2~dfsg-1_amd64.deb
asterisk-modules_1.8.8.2~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-modules_1.8.8.2~dfsg-1_amd64.deb
asterisk-mp3_1.8.8.2~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-mp3_1.8.8.2~dfsg-1_amd64.deb
asterisk-mysql_1.8.8.2~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-mysql_1.8.8.2~dfsg-1_amd64.deb
asterisk-ooh323_1.8.8.2~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-ooh323_1.8.8.2~dfsg-1_amd64.deb
asterisk-voicemail-imapstorage_1.8.8.2~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-voicemail-imapstorage_1.8.8.2~dfsg-1_amd64.deb
asterisk-voicemail-odbcstorage_1.8.8.2~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-voicemail-odbcstorage_1.8.8.2~dfsg-1_amd64.deb
asterisk-voicemail_1.8.8.2~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-voicemail_1.8.8.2~dfsg-1_amd64.deb
asterisk_1.8.8.2~dfsg-1.debian.tar.gz
  to main/a/asterisk/asterisk_1.8.8.2~dfsg-1.debian.tar.gz
asterisk_1.8.8.2~dfsg-1.dsc
  to main/a/asterisk/asterisk_1.8.8.2~dfsg-1.dsc
asterisk_1.8.8.2~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk_1.8.8.2~dfsg-1_amd64.deb
asterisk_1.8.8.2~dfsg.orig.tar.gz
  to main/a/asterisk/asterisk_1.8.8.2~dfsg.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 656...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tzafrir Cohen <tzaf...@debian.org> (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 20 Jan 2012 14:16:47 +0200
Source: asterisk
Binary: asterisk asterisk-modules asterisk-dahdi asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh323 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-doc asterisk-dev asterisk-dbg asterisk-config
Architecture: source all amd64
Version: 1:1.8.8.2~dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org>
Changed-By: Tzafrir Cohen <tzaf...@debian.org>
Description: 
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dahdi - DAHDI devices support for the Asterisk PBX
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-mobile - Bluetooth phone support for the Asterisk PBX
 asterisk-modules - loadable modules for the Asterisk PBX
 asterisk-mp3 - MP3 playback support for the Asterisk PBX
 asterisk-mysql - MySQL database protocol support for the Asterisk PBX
 asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c
 asterisk-voicemail - simple voicemail support for the Asterisk PBX
 asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
 asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
Closes: 653944 656596
Changes: 
 asterisk (1:1.8.8.2~dfsg-1) unstable; urgency=high
 .
   * New upstream release, fixes AST-2012-001 (Closes: #656596).
   * Use CFLAGS and LDFLAGS from dpkg-buildflags (Closes: #653944).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk8Zfk4ACgkQxArWdkN9Mot9ZACgxkLLi5hNey2SUXIE6FLx7XMC
djYAnj7oIMzGDUKnBy84DoABARUAmVEf
=UPJf
-----END PGP SIGNATURE-----



--- End Message ---
