Your message dated Thu, 01 Jan 2015 00:03:54 +0000 with message-id <e1y6tf4-0008ee...@franck.debian.org> and subject line Bug#771463: fixed in asterisk 1:11.13.1~dfsg-2 has caused the Debian Bug report #771463, regarding CVE-2014-8418 CVE-2014-8412 CVE-2014-8414 CVE-2014-8417 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 771463: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771463 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: asterisk Severity: grave Tags: security Please see http://downloads.digium.com/pub/security/AST-2014-018.html http://downloads.digium.com/pub/security/AST-2014-017.html http://downloads.digium.com/pub/security/AST-2014-014.html http://downloads.digium.com/pub/security/AST-2014-012.html Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: asterisk Source-Version: 1:11.13.1~dfsg-2 We believe that the bug you reported is fixed in the latest version of asterisk, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 771...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Tzafrir Cohen <tzaf...@debian.org> (supplier of updated asterisk package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 01 Jan 2015 01:25:11 +0200 Source: asterisk Binary: asterisk asterisk-modules asterisk-dahdi asterisk-vpb asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh323 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-doc asterisk-dev asterisk-dbg asterisk-config Architecture: source amd64 all Version: 1:11.13.1~dfsg-2 Distribution: testing-proposed-updates Urgency: high Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org> Changed-By: Tzafrir Cohen <tzaf...@debian.org> Description: asterisk - Open Source Private Branch Exchange (PBX) asterisk-config - Configuration files for Asterisk asterisk-dahdi - DAHDI devices support for the Asterisk PBX asterisk-dbg - Debugging symbols for Asterisk asterisk-dev - Development files for Asterisk asterisk-doc - Source code documentation for Asterisk asterisk-mobile - Bluetooth phone support for the Asterisk PBX asterisk-modules - loadable modules for the Asterisk PBX asterisk-mp3 - MP3 playback support for the Asterisk PBX asterisk-mysql - MySQL database protocol support for the Asterisk PBX asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c asterisk-voicemail - simple voicemail support for the Asterisk PBX asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX asterisk-vpb - VoiceTronix devices support for the Asterisk PBX Closes: 771463 773230 Changes: asterisk (1:11.13.1~dfsg-2) testing-proposed-updates; urgency=high . * New upstream release: fixes AST-2014-011 (CVE-2014-3566, POODLE). * Add a local gbp.conf for branch jessie * New patches for recent security issues (Closes: #771463): - AST-2014-012 (CVE-2014-8412): Mixed IP address families in ACLs may permit unwanted traffic - AST-2014-014 (CVE-2014-8414): High call load may result in hung channels in ConfBridge - AST-2014-017 (CVE-2014-8417): Mark CONFBRIDGE as a sensitive function for external APIs - AST-2014-018 (CVE-2014-8418): Mark DB as a sensitive function for external APIs * AST-2014-019.patch (CVE-2014-9374): Remote Crash Vulnerability in WebSocket Server (Closes: #773230). * sanity check to avoid changing the ABI hash. Checksums-Sha1: 1aeb994100d66e0ae77e0af0b1f3cda5415c6970 3812 asterisk_11.13.1~dfsg-2.dsc b92cbc689bcdac2741e0b454659f9ee814db75c0 8272825 asterisk_11.13.1~dfsg.orig.tar.gz 520646ee880b970a216301f8887774e5c9780bde 105072 asterisk_11.13.1~dfsg-2.debian.tar.xz 86d9f07a1f5d3e7cc260aba12b2564b4f7715c26 1663046 asterisk_11.13.1~dfsg-2_amd64.deb d5a7ab07064cd8c9e6bd289ed88486c42ecdc742 2129724 asterisk-modules_11.13.1~dfsg-2_amd64.deb 80aeb0fc6227366f0c582bb18b3a1fe3e568f29a 704158 asterisk-dahdi_11.13.1~dfsg-2_amd64.deb 12b49c6797192dfe6af4e58a4000f3169c717fc8 508036 asterisk-vpb_11.13.1~dfsg-2_amd64.deb a8f5b3d18daf432bf8fcfc49de72b2ac14679bde 563736 asterisk-voicemail_11.13.1~dfsg-2_amd64.deb bdbf9ef9ff01caaba01e4e0f1dfaaf6dc3a0f0df 579766 asterisk-voicemail-imapstorage_11.13.1~dfsg-2_amd64.deb 468f2290d7bbc3519274f37dbd692bee4c9fa8b2 569862 asterisk-voicemail-odbcstorage_11.13.1~dfsg-2_amd64.deb 6ad4a11519b16b05fb0b2f6da39b496c0b5f8563 818740 asterisk-ooh323_11.13.1~dfsg-2_amd64.deb 44ce6f1a78ce831ebfabd38e2dffd78d78033948 503730 asterisk-mp3_11.13.1~dfsg-2_amd64.deb 0e9da946229ec02243481923c8c801e8d745e80d 521754 asterisk-mysql_11.13.1~dfsg-2_amd64.deb a5241e4e7ca3ff93bebbea3d197138b069059d54 513984 asterisk-mobile_11.13.1~dfsg-2_amd64.deb 877e716f21ec890a8beaa00e4908206a56f21fcb 2357822 asterisk-doc_11.13.1~dfsg-2_all.deb 03dcd57368ecf7a46f2c996c93d9fb5903bf1d77 791342 asterisk-dev_11.13.1~dfsg-2_all.deb f73c70b840f40ec54842c4c62f44c8f7e23e8bd7 6475740 asterisk-dbg_11.13.1~dfsg-2_amd64.deb 1d75d0a5499277d46417f05e9c0c8d2fedef0022 837472 asterisk-config_11.13.1~dfsg-2_all.deb Checksums-Sha256: 4c0ea63b08ff646baf4bb0309120335ba4d48ee9dc5c3a9343490318caf758dc 3812 asterisk_11.13.1~dfsg-2.dsc 1dc9c544f10f1e54bb5264d0a64d7d0648d4ebf1200d7c494bd8beddbb8d30ef 8272825 asterisk_11.13.1~dfsg.orig.tar.gz 9a1914d4d959296a3b4d2c6446391a48548d4ccd582287617e0d80f883acefaf 105072 asterisk_11.13.1~dfsg-2.debian.tar.xz 7c9d9d09ed1541684193e9c07db24ba2313f8a65dcc77bfb21ba225175936881 1663046 asterisk_11.13.1~dfsg-2_amd64.deb e2f78e33ed1251e0830b734c3061f523aff9f8789d81c2b01c8ea20733e3f6fc 2129724 asterisk-modules_11.13.1~dfsg-2_amd64.deb 9b0a0dc87c29a80b2bd513ced07eab149e64413eb7994205d77027f2e180757e 704158 asterisk-dahdi_11.13.1~dfsg-2_amd64.deb af7be968080ea8dbcc4d50de61e2025a7e5bc9d851d094ab2f0047424e0e4002 508036 asterisk-vpb_11.13.1~dfsg-2_amd64.deb 8f3f1b6c2ac07c17e4bd65341ec275d31c16cebf4670111fd53ae3f08715e7a6 563736 asterisk-voicemail_11.13.1~dfsg-2_amd64.deb 78d7e5382177aea53270fb80f5a3bfe8600482aeefb54ae999235917bd25cbec 579766 asterisk-voicemail-imapstorage_11.13.1~dfsg-2_amd64.deb 8b2fc272b6b1257e2713380ac4615b2fcfaf95d3c5294369abf33a99a71f1b87 569862 asterisk-voicemail-odbcstorage_11.13.1~dfsg-2_amd64.deb 42c2694ae49b9b9dd4b9352084000c56ca56b1f3e2163d1dc2f01fd4c41b7851 818740 asterisk-ooh323_11.13.1~dfsg-2_amd64.deb 2425e522f5658b7030b8fbf009b26c21508a4d06b6ab2bcb105b4457ffa65f33 503730 asterisk-mp3_11.13.1~dfsg-2_amd64.deb 7e1473c149dbdaf087cd2ca93bc34b118db37c52ea2184c846e6823f4f02b4ac 521754 asterisk-mysql_11.13.1~dfsg-2_amd64.deb 18d08fda847d042353790a1433eb3d1f9730a5f12cfa94a3eb188fa8669bf5f5 513984 asterisk-mobile_11.13.1~dfsg-2_amd64.deb 309939f214b6096be39ebd35765658af2152c8af24a5fc4399b56553a5c5bd1a 2357822 asterisk-doc_11.13.1~dfsg-2_all.deb 613c7115b53a14054408ac60fedce79144aaa46f4ac98e259e5355b0f59c39a6 791342 asterisk-dev_11.13.1~dfsg-2_all.deb 7ebcf5538c5269edd429eae185e29a923d1a17c6a411beba57683a89608b4966 6475740 asterisk-dbg_11.13.1~dfsg-2_amd64.deb 888fdacc1f1412e16c9edffbe9d2761748d88f0f19c0fec6e57081c65936337d 837472 asterisk-config_11.13.1~dfsg-2_all.deb Files: abf4d8f17a727147b18c833c9712ed0c 3812 comm optional asterisk_11.13.1~dfsg-2.dsc 8bb1f117c65b7ef28ec466ae4015a0ea 8272825 comm optional asterisk_11.13.1~dfsg.orig.tar.gz a2ddad140f0cb05e60f7d88895941c1f 105072 comm optional asterisk_11.13.1~dfsg-2.debian.tar.xz 63c8af1a6536791050f3b0a02a77963f 1663046 comm optional asterisk_11.13.1~dfsg-2_amd64.deb f4422001c58c1ca3e5ad94a72a1edc7e 2129724 libs optional asterisk-modules_11.13.1~dfsg-2_amd64.deb 32c5aa9f1c8db5ba96f037a4f7710e78 704158 comm optional asterisk-dahdi_11.13.1~dfsg-2_amd64.deb 3761d71edeb76f7f5f136e893a4c3783 508036 comm optional asterisk-vpb_11.13.1~dfsg-2_amd64.deb 72bd2ea1d5d62daaa6b233ce33a90e8b 563736 comm optional asterisk-voicemail_11.13.1~dfsg-2_amd64.deb 2770bac2aac20b90ca8c136b47f02aa9 579766 comm optional asterisk-voicemail-imapstorage_11.13.1~dfsg-2_amd64.deb a6c38b4f4002d52a789168b3f459ac02 569862 comm optional asterisk-voicemail-odbcstorage_11.13.1~dfsg-2_amd64.deb 7fae2f6cab644e768527293ba5c5696f 818740 comm optional asterisk-ooh323_11.13.1~dfsg-2_amd64.deb 7ea3c021a7dd5c4a584d040e55e7886f 503730 comm optional asterisk-mp3_11.13.1~dfsg-2_amd64.deb f9859786d68cf4b03e94598f164d7378 521754 comm optional asterisk-mysql_11.13.1~dfsg-2_amd64.deb e203846df505eeceb0776249f2eddd3c 513984 comm optional asterisk-mobile_11.13.1~dfsg-2_amd64.deb ee4745439d513ff47345de9a3c66ee55 2357822 doc extra asterisk-doc_11.13.1~dfsg-2_all.deb 328a50ccf7666d591f506db6c9d8c7da 791342 devel extra asterisk-dev_11.13.1~dfsg-2_all.deb 8d1998716eb450589f17b79455db59da 6475740 debug extra asterisk-dbg_11.13.1~dfsg-2_amd64.deb e08cebbf483f1a08e467c771e96627bf 837472 comm optional asterisk-config_11.13.1~dfsg-2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQGcBAEBCAAGBQJUpIiaAAoJEI79TC8DJaDOe9AL/jBnqxZ0JJGEJ2nnetT/IoB4 NuFwJLeYpenelLHYfanvjbGfHifsfFVWHwYPSW6MgNaLGxlImq/QuAaffFvdpSJP KZ24vmoigY/jozzu/R+/ioHkmgLQpw0VKRjuj+XOk3mZ2/L7HXOJYcckrLO5gB1L ZqMc5T4UUKUvIA+gcI+bjked5zhtOymaKr6vGRd5KSoeACOOyWbf4IEfQTgGX2i/ 2E1JZpxpH80txUmgSlEopflYdL6lDcDtCrprXaWyTqoU085Zfx24PxRfEJC/m5M5 t/LpUscd2LYlC4MqYTbckqHLqKivEuBw0WShIMc1iBdWDVL5url/w7tUSrB1cCvU z5RzrK+Z4n+ACMJgu08fToWfoota1j7vH04+VX+5fiXZpwhNYcVZnDSyY41NQcFb Zri68pmoXSJsNcEgsNRXZTk+U5d4g5JBxpo9zoBEwFeM59722gwW/viOtV3B2XpH zibFUBZb6i2K+tE6MvSKChrk2WU1n07jKo12lVHfMg== =Q5V7 -----END PGP SIGNATURE-----
--- End Message ---
