Your message dated Sun, 23 Apr 2006 07:47:09 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#364195: fixed in asterisk 1:1.2.7.1.dfsg-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: asterisk
Severity: grave
Tags: security
Justification: user security hole
CVE-2006-1827:
Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and
earlier allows remote attackers to execute arbitrary code via a length
value that passes a length check as a negative number, but triggers a
buffer overflow when it is used as an unsigned length.
This is fixed in 1.2.7.
Please mention the CVE-id in the changelog.
--- End Message ---
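The class of bug named in the CVE text above (a length that passes its check as a negative number and is then used as an unsigned length), shown beside a hardened check. This is an added example, not code from format_jpeg.c or from the Debian package; BUF_SIZE and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 4096 /* assumed buffer size, for illustration only */

/* Flawed pattern: only an upper bound is tested on a signed length,
 * so any negative value is accepted. Returns 1 if the length passes. */
int accepts_signed(int len)
{
    if (len > BUF_SIZE)
        return 0;
    return 1;
}

/* What a copy or read routine receives once that signed length is
 * converted to size_t: a negative value becomes a huge count. */
size_t as_unsigned_length(int len)
{
    return (size_t)len;
}

/* Hardened form: reject negatives before any conversion, then bound
 * the length by both the destination size and the bytes available.
 * Returns the number of bytes copied, or -1 if the length is refused. */
int copy_frame(unsigned char *dst, size_t dst_size,
               const unsigned char *src, size_t src_avail, long len)
{
    if (len < 0)
        return -1;
    if ((size_t)len > dst_size || (size_t)len > src_avail)
        return -1;
    memcpy(dst, src, (size_t)len);
    return (int)len;
}

int main(void)
{
    unsigned char dst[BUF_SIZE];
    const unsigned char src[8] = "JFIFdata"; /* constructed sample input */

    printf("flawed check accepts -1: %d\n", accepts_signed(-1));
    printf("-1 as unsigned length:   %zu\n", as_unsigned_length(-1));
    printf("hardened copy, len=-1:   %d\n",
           copy_frame(dst, sizeof dst, src, sizeof src, -1));
    printf("hardened copy, len=4:    %d\n",
           copy_frame(dst, sizeof dst, src, sizeof src, 4));
    return 0;
}
```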
--- Begin Message ---
Source: asterisk
Source-Version: 1:1.2.7.1.dfsg-2
We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:
asterisk-bristuff_1.2.7.1.dfsg-2_i386.deb
to pool/main/a/asterisk/asterisk-bristuff_1.2.7.1.dfsg-2_i386.deb
asterisk-classic_1.2.7.1.dfsg-2_i386.deb
to pool/main/a/asterisk/asterisk-classic_1.2.7.1.dfsg-2_i386.deb
asterisk-config_1.2.7.1.dfsg-2_all.deb
to pool/main/a/asterisk/asterisk-config_1.2.7.1.dfsg-2_all.deb
asterisk-dev_1.2.7.1.dfsg-2_all.deb
to pool/main/a/asterisk/asterisk-dev_1.2.7.1.dfsg-2_all.deb
asterisk-doc_1.2.7.1.dfsg-2_all.deb
to pool/main/a/asterisk/asterisk-doc_1.2.7.1.dfsg-2_all.deb
asterisk-h323_1.2.7.1.dfsg-2_i386.deb
to pool/main/a/asterisk/asterisk-h323_1.2.7.1.dfsg-2_i386.deb
asterisk-sounds-main_1.2.7.1.dfsg-2_all.deb
to pool/main/a/asterisk/asterisk-sounds-main_1.2.7.1.dfsg-2_all.deb
asterisk-web-vmail_1.2.7.1.dfsg-2_all.deb
to pool/main/a/asterisk/asterisk-web-vmail_1.2.7.1.dfsg-2_all.deb
asterisk_1.2.7.1.dfsg-2.diff.gz
to pool/main/a/asterisk/asterisk_1.2.7.1.dfsg-2.diff.gz
asterisk_1.2.7.1.dfsg-2.dsc
to pool/main/a/asterisk/asterisk_1.2.7.1.dfsg-2.dsc
asterisk_1.2.7.1.dfsg-2_all.deb
to pool/main/a/asterisk/asterisk_1.2.7.1.dfsg-2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mark Purcell <[EMAIL PROTECTED]> (supplier of updated asterisk package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 23 Apr 2006 13:26:29 +0100
Source: asterisk
Binary: asterisk-h323 asterisk-web-vmail asterisk asterisk-classic asterisk-dev
asterisk-doc asterisk-sounds-main asterisk-bristuff asterisk-config
Architecture: source all i386
Version: 1:1.2.7.1.dfsg-2
Distribution: unstable
Urgency: high
Maintainer: Debian VoIP Team <[EMAIL PROTECTED]>
Changed-By: Mark Purcell <[EMAIL PROTECTED]>
Description:
asterisk - Open Source Private Branch Exchange (PBX) - dummy package
asterisk-bristuff - Open Source Private Branch Exchange (PBX) -
BRIstuff-enabled vers
asterisk-classic - Open Source Private Branch Exchange (PBX) - original Digium
versi
asterisk-config - config files for asterisk
asterisk-dev - development files for asterisk
asterisk-doc - documentation for asterisk
asterisk-h323 - asterisk H.323 VoIP channel
asterisk-sounds-main - sound files for asterisk
asterisk-web-vmail - Web-based (CGI) voice mail interface for Asterisk
Closes: 359970 360181 360220 360233 364195
Changes:
asterisk (1:1.2.7.1.dfsg-2) unstable; urgency=high
.
[ Kilian Krause ]
* Urgency bumped since 1.2.7 is a security update [CVE-2006-1827]
(Closes: #364195)
.
[ Mark Purcell ]
* Previous Upload also fixes:
- cannot install - directories not created (Closes: #360233)
- package uninstallable (Closes: #359970)
* Update postinst to fix: fails to upgrade when /etc/asterisk/voicemail.conf
is deleted (Closes: #360220)
* Link debian/asterisk-bristuff.asterisk.{logrotate,init} &
provide debian/asterisk-classic.asterisk.logfile
- Fixes: init.d and logrotate.d conflicts (Closes: #360181)
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFES43YoCzanz0IthIRAtBDAJ0Qv74iqaBbCC/tFBBsyAsq1ng60wCcDHb3
nwltbR7BqYHD97KzA51Ysvs=
=qCCR
-----END PGP SIGNATURE-----
--- End Message ---