Your message dated Sat, 23 Sep 2017 19:35:06 +0000 with message-id <e1dvqcg-000fbb...@fasolo.debian.org> and subject line Bug#876328: fixed in asterisk 1:13.17.2~dfsg-1 has caused the Debian Bug report #876328, regarding asterisk: CVE-2017-14603: RTP/RTCP information leak (AST-2017-008) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 876328: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876328 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: asterisk Version: 1:13.17.1~dfsg-1 Severity: grave Tags: patch security upstream Hi, the following vulnerability was published for asterisk. CVE-2017-14603[0]: followup-to AST-2017-005: RTP/RTCP information leak If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-14603 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14603 [1] http://downloads.asterisk.org/pub/security/AST-2017-008.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: asterisk Source-Version: 1:13.17.2~dfsg-1 We believe that the bug you reported is fixed in the latest version of asterisk, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 876...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bernhard Schmidt <be...@debian.org> (supplier of updated asterisk package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 23 Sep 2017 20:41:06 +0200 Source: asterisk Binary: asterisk asterisk-modules asterisk-dahdi asterisk-vpb asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh323 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-tests asterisk-doc asterisk-dev asterisk-config Architecture: source Version: 1:13.17.2~dfsg-1 Distribution: unstable Urgency: high Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org> Changed-By: Bernhard Schmidt <be...@debian.org> Description: asterisk - Open Source Private Branch Exchange (PBX) asterisk-config - Configuration files for Asterisk asterisk-dahdi - DAHDI devices support for the Asterisk PBX asterisk-dev - Development files for Asterisk asterisk-doc - Source code documentation for Asterisk asterisk-mobile - Bluetooth phone support for the Asterisk PBX asterisk-modules - loadable modules for the Asterisk PBX asterisk-mp3 - MP3 playback support for the Asterisk PBX asterisk-mysql - MySQL database protocol support for the Asterisk PBX asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c asterisk-tests - internal test modules of the Asterisk PBX asterisk-voicemail - simple voicemail support for the Asterisk PBX asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX asterisk-vpb - VoiceTronix devices support for the Asterisk PBX Closes: 876328 Changes: asterisk (1:13.17.2~dfsg-1) unstable; urgency=high . * New upstream version 13.17.2~dfsg - CVE-2017-14603 / AST-2017-008 This is a follow-up for AST-2017-005: RTP/RTCP information leak improving robustness of the security fix and fixing a regression with re-INVITEs (Closes: #876328) Checksums-Sha1: ef0627eddbf392c2780648a5a57759b4446fbb51 4268 asterisk_13.17.2~dfsg-1.dsc ab66abe155fa42e6e53ef3db54a8319d31acf3f9 6229408 asterisk_13.17.2~dfsg.orig.tar.xz 9cbffc2c2aaadcdce87814235fc0670bf8d7589d 168464 asterisk_13.17.2~dfsg-1.debian.tar.xz 4226c68da4a5dd5ce91d3e47e6f13db9b0264710 27353 asterisk_13.17.2~dfsg-1_amd64.buildinfo Checksums-Sha256: 9554380b8410b7c74e99259f08200f2965eea05574d7224fc7ecd4ba506d4e68 4268 asterisk_13.17.2~dfsg-1.dsc 64cb6072183cfa635db56206bf7ba1dd761d7e067eaa83edbc23fb3c870bd086 6229408 asterisk_13.17.2~dfsg.orig.tar.xz 16416666303bbe2fc4ff099d81a126c4fdcb0cc1674939d1234ac422beb30b06 168464 asterisk_13.17.2~dfsg-1.debian.tar.xz 133760251d48c437362ca4ce4d1c3cd63213494ed2f870250052808b846e4593 27353 asterisk_13.17.2~dfsg-1_amd64.buildinfo Files: 5a1291768615277d1879f4eecf1ff702 4268 comm optional asterisk_13.17.2~dfsg-1.dsc e8c2f7567646cc2bf2a1a5203637daef 6229408 comm optional asterisk_13.17.2~dfsg.orig.tar.xz fa7c6ca22767ad456f16fcc3c6262252 168464 comm optional asterisk_13.17.2~dfsg-1.debian.tar.xz ee681097917d19d1aa9845ebd77f6c9e 27353 comm optional asterisk_13.17.2~dfsg-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJFBAEBCAAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAlnGrr8RHGJlcm5pQGRl Ymlhbi5vcmcACgkQd1B55bhQvJOWFRAAl++2sGv0jHlq1Jd3FI2kZIwwL1cvKFwg MaRgC6KuUo5mUJT4Ys0FK/f99TfneXSkZDrDl9TRvi5BVzJwmeOTmYgS0asybbe9 jCi2M+j+/dhv1k6mBmfHOUCHzu4e1LnsLDcKyBXxDhR+SlpgUHZDNrp/T5RSP9di xNV4w3wtL7lyWHbQHykQMobVi/Cf7p+Czg4wkU/dQ6TarWXAahBJpEg6xdCYlIPz +EBJXvnNIx8j5+o8kYPlpQPIy/W5BP1M21Yp6/Y1x6+oc9HFFu1iUYEGf6xZRM8+ O5weqxskm6r93w9BO8NoOqgiXCSWMWJ5khW0Y11HqoV7btZTc3NTJ/7XVLmUBKKY +YnTdxa7+RFY4wDUngYX/0sBAXw20IiAWawc3UzP0N42xYjpQGbp3ul4l+RmHnGW cPcMun/LDi6YMyyDLad98wOhVHp2FePW9lHWrpR/SWpQ1XBGar3dCscH1lCGHGpK to2bq2XMyY8f8o1Hvdp8SEqL5tvQvmji3lFPzHcCfMLovVbdr2GB72c/XKjm1vnq NajzpzmlR38qkDr9ecSGb3/dTrKML0Z7qeh21gqyxOKHS6IGhP5cFxVE+UBW3fWB 1xNA9FVfcwWM1QaYn05Zw+pneIi+3pKFPxmadaeCWX1TTdsZvl1cyIqeRke20N30 3/32PJ4fhv4= =zYu6 -----END PGP SIGNATURE-----
--- End Message ---
