Your message dated Wed, 25 Apr 2012 19:47:12 +0000
with message-id <e1sn8be-0008ob...@franck.debian.org>
and subject line Bug#670180: fixed in asterisk 1:1.6.2.9-2+squeeze5
has caused the Debian Bug report #670180,
regarding CVE-2012-2414 CVE-2012-2415 CVE-2012-2416
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
670180: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670180
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: asterisk
Severity: grave
Tags: security
CVE-2012-2414 http://downloads.asterisk.org/pub/security/AST-2012-004.html
CVE-2012-2415 http://downloads.asterisk.org/pub/security/AST-2012-005.html
CVE-2012-2416 http://downloads.asterisk.org/pub/security/AST-2012-006.html
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: asterisk
Source-Version: 1:1.6.2.9-2+squeeze5
We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:
asterisk-config_1.6.2.9-2+squeeze5_all.deb
to main/a/asterisk/asterisk-config_1.6.2.9-2+squeeze5_all.deb
asterisk-dbg_1.6.2.9-2+squeeze5_amd64.deb
to main/a/asterisk/asterisk-dbg_1.6.2.9-2+squeeze5_amd64.deb
asterisk-dev_1.6.2.9-2+squeeze5_all.deb
to main/a/asterisk/asterisk-dev_1.6.2.9-2+squeeze5_all.deb
asterisk-doc_1.6.2.9-2+squeeze5_all.deb
to main/a/asterisk/asterisk-doc_1.6.2.9-2+squeeze5_all.deb
asterisk-h323_1.6.2.9-2+squeeze5_amd64.deb
to main/a/asterisk/asterisk-h323_1.6.2.9-2+squeeze5_amd64.deb
asterisk-sounds-main_1.6.2.9-2+squeeze5_all.deb
to main/a/asterisk/asterisk-sounds-main_1.6.2.9-2+squeeze5_all.deb
asterisk_1.6.2.9-2+squeeze5.debian.tar.gz
to main/a/asterisk/asterisk_1.6.2.9-2+squeeze5.debian.tar.gz
asterisk_1.6.2.9-2+squeeze5.dsc
to main/a/asterisk/asterisk_1.6.2.9-2+squeeze5.dsc
asterisk_1.6.2.9-2+squeeze5_amd64.deb
to main/a/asterisk/asterisk_1.6.2.9-2+squeeze5_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 670...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tzafrir Cohen <tzaf...@debian.org> (supplier of updated asterisk package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 25 Apr 2012 12:00:20 +0300
Source: asterisk
Binary: asterisk asterisk-h323 asterisk-doc asterisk-dev asterisk-dbg
asterisk-sounds-main asterisk-config
Architecture: source all amd64
Version: 1:1.6.2.9-2+squeeze5
Distribution: stable-security
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org>
Changed-By: Tzafrir Cohen <tzaf...@debian.org>
Description:
asterisk - Open Source Private Branch Exchange (PBX)
asterisk-config - Configuration files for Asterisk
asterisk-dbg - Debugging symbols for Asterisk
asterisk-dev - Development files for Asterisk
asterisk-doc - Source code documentation for Asterisk
asterisk-h323 - H.323 protocol support for Asterisk
asterisk-sounds-main - Core Sound files for Asterisk (English)
Closes: 656208 664411 670180
Changes:
asterisk (1:1.6.2.9-2+squeeze5) stable-security; urgency=high
.
* Do include patch AST-2011-014.
* Quote pathes in postinst script: Closes: #656208 (Pocos).
* Patch AST-2012-002 Stack overflow in Milliwatt
(CVE-2012-1183): Closes: #664411.
* Two extra patches: Closes: #670180:
- Patch AST-2012-004 - further Manager permission fixes (CVE-2012-2414).
- Patch AST-2012-005 - Heap overflow in chan_skinny (CVE-2012-2415).
Checksums-Sha1:
39a654f665c9877b744da41c85415063c514645d 2219 asterisk_1.6.2.9-2+squeeze5.dsc
272ca90631534f1be876b1c647f4c748995a338e 95666
asterisk_1.6.2.9-2+squeeze5.debian.tar.gz
d22c86ddbccd2c7159794fc9e85a6456117d665c 1704596
asterisk-doc_1.6.2.9-2+squeeze5_all.deb
b504c38c20ef63650c296a2591b936a8ef1e5b75 636010
asterisk-dev_1.6.2.9-2+squeeze5_all.deb
fa24391b58a601f9f13d5c56fdf3a721b2a75567 2187404
asterisk-sounds-main_1.6.2.9-2+squeeze5_all.deb
401aad085b929b8af94883f0ed410a540ce0b6c3 716888
asterisk-config_1.6.2.9-2+squeeze5_all.deb
ab444f57366e641d752a26166c0a429e6be7eeb2 3600454
asterisk_1.6.2.9-2+squeeze5_amd64.deb
9da8b8e67f3ad878eac75f442f5e4ac83800a463 533716
asterisk-h323_1.6.2.9-2+squeeze5_amd64.deb
805a0c67df41ea85e179c0514aac9965aa6a0d71 20343088
asterisk-dbg_1.6.2.9-2+squeeze5_amd64.deb
Checksums-Sha256:
5554cc456c8090c283181a01ff9564b822a699dde53fad13fb9e9f49093c44d2 2219
asterisk_1.6.2.9-2+squeeze5.dsc
4dc90ee5deba709e886169118ac81c5f8b8ef26040f94ced9352771b40de1c52 95666
asterisk_1.6.2.9-2+squeeze5.debian.tar.gz
af239e5e4d8dba1ac64821df41b0fdf6f6fb14ddd59b53b53163c63a36f8de8d 1704596
asterisk-doc_1.6.2.9-2+squeeze5_all.deb
7843a5cae8b2437d357800021a9e006a01be510715efc361cafb096b3dea36b3 636010
asterisk-dev_1.6.2.9-2+squeeze5_all.deb
af6d122aed7482853a663232b32f2b79828f4a139e7114bd135f682751b056db 2187404
asterisk-sounds-main_1.6.2.9-2+squeeze5_all.deb
fd67292af699736009b311a3b13705fd77c6f3fe533cff1e52a867d3ab532d35 716888
asterisk-config_1.6.2.9-2+squeeze5_all.deb
49c94c01541eecc59f6088a9b25b2f240b07370fbcbe48861c550f9e38d097ab 3600454
asterisk_1.6.2.9-2+squeeze5_amd64.deb
4bf242a1095b356a0eee049e128ccd25a60b6fa06395c8258401c6a1b9b06520 533716
asterisk-h323_1.6.2.9-2+squeeze5_amd64.deb
f20b99640e9a9d60824c5a06904f5089fceee6d17bb021ec1a97a8f78e49c196 20343088
asterisk-dbg_1.6.2.9-2+squeeze5_amd64.deb
Files:
a85bafc2172ee137b83298adf9d02fe3 2219 comm optional
asterisk_1.6.2.9-2+squeeze5.dsc
755e034ce92db1d81ac6f4919aaeaa26 95666 comm optional
asterisk_1.6.2.9-2+squeeze5.debian.tar.gz
b7d8b907be2d7c0b9f79cace17c1ad6a 1704596 doc extra
asterisk-doc_1.6.2.9-2+squeeze5_all.deb
b1132fcb341709b8413e353aa2f7ec0f 636010 devel extra
asterisk-dev_1.6.2.9-2+squeeze5_all.deb
4da02fbf40c57e24e9ae31b68833f161 2187404 comm optional
asterisk-sounds-main_1.6.2.9-2+squeeze5_all.deb
3d527114409b9ff7b0e743efa71bb954 716888 comm optional
asterisk-config_1.6.2.9-2+squeeze5_all.deb
7f4ce857b2d6fbf1f7cff77806eb369e 3600454 comm optional
asterisk_1.6.2.9-2+squeeze5_amd64.deb
7d88d30157900f9f82d0279cfdca0aed 533716 comm optional
asterisk-h323_1.6.2.9-2+squeeze5_amd64.deb
17779d76a8f5aa8fd1aa780f1091a4eb 20343088 debug extra
asterisk-dbg_1.6.2.9-2+squeeze5_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk+X77gACgkQxArWdkN9MotMDQCeP6JLAXX37YWwlFxGQMnsbWwi
27QAn3c6NOrHD2q3EjQczDwNILKvW2vN
=SpfK
-----END PGP SIGNATURE-----
--- End Message ---
