On Fri, Jan 11, 2013 at 11:00:30PM +0000, Tzafrir Cohen wrote:
> On Tue, Jan 08, 2013 at 06:49:56PM +0100, Moritz Mühlenhoff wrote:
> > On Tue, Jan 08, 2013 at 02:45:59AM +0200, Tzafrir Cohen wrote:
> > > Hi,
> > >
> > > On Wed, Jan 02, 2013 at 10:56:43PM +0100, Salvatore Bonaccorso wrote:
> > > > Package: asterisk
> > > > Severity: grave
> > > > Tags: security
> > > > Justification: user security hole
> > > >
> > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > Hash: SHA512
> > > >
> > > > Hi,
> > > >
> > > > the following vulnerabilities were published for asterisk.
> > > >
> > > > CVE-2012-5976[0]:
> > > > Crashes due to large stack allocations when using TCP
> > > >
> > > > CVE-2012-5977[1]:
> > > > Denial of Service Through Exploitation of Device State Caching
> > > >
> > > > If you fix the vulnerabilities please also make sure to include the
> > > > CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
> > > >
> > > > For further information see:
> > > >
> > > > [0] http://security-tracker.debian.org/tracker/CVE-2012-5976
> > > > [1] http://security-tracker.debian.org/tracker/CVE-2012-5977
> > > >
> > > > Please adjust the affected versions in the BTS as needed.
> > > >
> > > > According to the advisories all 1.8.x versions seem affected.
> > >
> > > Likewise is version 1.6.2 from Stable. I have fixes ready.
> >
> > Ok, please upload to security-master once tests are sufficient.
>
> Uploaded.

It seems that there has been a bug with the patch for Stable (#698112,
#698118):

http://anonscm.debian.org/viewvc/pkg-voip?view=revision&revision=10073

I have prepared a fix for this (1:1.6.2.9-2+squeeze10).

--
Tzafrir Cohen
icq#16849755
jabber:tzafrir.co...@xorcom.com
+972-50-7952406
mailto:tzafrir.co...@xorcom.com
http://www.xorcom.com
iax:gu...@local.xorcom.com/tzafrir