Your message dated Wed, 31 Dec 2014 22:03:55 +0000
with message-id <e1y6rmx-0001m8...@franck.debian.org>
and subject line Bug#771463: fixed in asterisk 1:13.1.0~dfsg-1
has caused the Debian Bug report #771463,
regarding CVE-2014-8418 CVE-2014-8412 CVE-2014-8414 CVE-2014-8417
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
771463: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771463
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: asterisk
Severity: grave
Tags: security
Please see
http://downloads.digium.com/pub/security/AST-2014-018.html
http://downloads.digium.com/pub/security/AST-2014-017.html
http://downloads.digium.com/pub/security/AST-2014-014.html
http://downloads.digium.com/pub/security/AST-2014-012.html
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: asterisk
Source-Version: 1:13.1.0~dfsg-1
We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 771...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tzafrir Cohen <tzaf...@debian.org> (supplier of updated asterisk package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 31 Dec 2014 14:58:53 +0200
Source: asterisk
Binary: asterisk asterisk-modules asterisk-dahdi asterisk-vpb
asterisk-voicemail asterisk-voicemail-imapstorage
asterisk-voicemail-odbcstorage asterisk-ooh323 asterisk-mp3 asterisk-mysql
asterisk-mobile asterisk-doc asterisk-dev asterisk-dbg asterisk-config
Architecture: source amd64 all
Version: 1:13.1.0~dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org>
Changed-By: Tzafrir Cohen <tzaf...@debian.org>
Description:
asterisk - Open Source Private Branch Exchange (PBX)
asterisk-config - Configuration files for Asterisk
asterisk-dahdi - DAHDI devices support for the Asterisk PBX
asterisk-dbg - Debugging symbols for Asterisk
asterisk-dev - Development files for Asterisk
asterisk-doc - Source code documentation for Asterisk
asterisk-mobile - Bluetooth phone support for the Asterisk PBX
asterisk-modules - loadable modules for the Asterisk PBX
asterisk-mp3 - MP3 playback support for the Asterisk PBX
asterisk-mysql - MySQL database protocol support for the Asterisk PBX
asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c
asterisk-voicemail - simple voicemail support for the Asterisk PBX
asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
asterisk-vpb - VoiceTronix devices support for the Asterisk PBX
Closes: 742783 760032 771463 772469 773230
Changes:
 asterisk (1:13.1.0~dfsg-1) unstable; urgency=high
 .
   [ Tzafrir Cohen ]
   * New upstream release, fixes various security holes (Closes: #771463):
     - AST-2014-012 (CVE-2014-8412): Mixed IP address families in ACLs
       may permit unwanted traffic
     - AST-2014-013 (CVE-2014-8413): PJSIP ACLs not loaded at startup
     - AST-2014-014 (CVE-2014-8414): High call load may result in hung
       channels in ConfBridge
     - AST-2014-015 (CVE-2014-8415): Remote Crash Vulnerability in PJSIP
       channel driver
     - AST-2014-016 (CVE-2014-8416): Remote Crash Vulnerability in PJSIP
       channel driver
     - AST-2014-017 (CVE-2014-8417): Mark CONFBRIDGE as a sensitive
       function for external APIs
     - AST-2014-018 (CVE-2014-8418): Mark DB as a sensitive function for
       external APIs
     - AST-2014-019.patch (CVE-2014-9374): Remote Crash Vulnerability in
       WebSocket Server (Closes: #773230).
   * The key file better be ascii-armoured, indeed
   * init script: kill with PID (Closes: #742783)
   * Describe patch astdatadir
 .
   [ Stappers Geert ]
   * new file: debian/README.source (Closes: #772469).
   * asterisk-config-custom (Closes: #760032)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---