Your message dated Fri, 06 Aug 2021 14:33:30 +0000 with message-id <e1mc0ug-0006rx...@fasolo.debian.org> and subject line Bug#991931: fixed in asterisk 1:16.16.1~dfsg-2 has caused the Debian Bug report #991931, regarding CVE-2021-32686 / AST-2021-009: pjproject/pjsip: crash when SSL socket destroyed during handshake to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 991931: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991931 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: src:asterisk Severity: serious Tags: security upstream patch https://downloads.asterisk.org/pub/security/AST-2021-009.html Summary: pjproject/pjsip: crash when SSL socket destroyed during handshake Nature of Advisory: Denial of service Susceptibility: Remote unauthenticated sessions Severity: Major Exploits Known: Yes Description | Depending on the timing, it’s possible for Asterisk to crash when using a TLS | connection if the underlying socket parent/listener gets destroyed during the | handshake.
--- End Message ---
--- Begin Message ---Source: asterisk Source-Version: 1:16.16.1~dfsg-2 Done: Bernhard Schmidt <be...@debian.org> We believe that the bug you reported is fixed in the latest version of asterisk, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 991...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bernhard Schmidt <be...@debian.org> (supplier of updated asterisk package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 06 Aug 2021 15:35:20 +0200 Source: asterisk Architecture: source Version: 1:16.16.1~dfsg-2 Distribution: unstable Urgency: high Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org> Changed-By: Bernhard Schmidt <be...@debian.org> Closes: 991710 991931 Changes: asterisk (1:16.16.1~dfsg-2) unstable; urgency=high . * CVE-2021-32558 / AST-2021-008 (Closes: #991710) If the IAX2 channel driver receives a packet that contains an unsupported media format it can cause a crash to occur in Asterisk * CVE-2021-32686 / AST-2021-009 (Closes: #991931) pjproject/pjsip: crash when SSL socket destroyed during handshake Checksums-Sha1: fb0b4469160b4de496c70f11651d8200e78f54ed 4201 asterisk_16.16.1~dfsg-2.dsc 090a55a66d48f81af44ab87c05ff298f2f5b6904 5953392 asterisk_16.16.1~dfsg-2.debian.tar.xz 56f3f97ccdc63b567a1470e4e8177c73b87fc10d 27220 asterisk_16.16.1~dfsg-2_amd64.buildinfo Checksums-Sha256: 101fed7a56cd8ff8134a259ab9ace703ec668d3a3c49ccfe8642660678039d1c 4201 asterisk_16.16.1~dfsg-2.dsc e71bd3ba072e972fae139e4034b1cb754462d87e6497bf2110bdd20b8b8db75d 5953392 asterisk_16.16.1~dfsg-2.debian.tar.xz 21b31488ea06d219818303f3c9e8829b0a0d1c551c9276e00a24758548cfa89e 27220 asterisk_16.16.1~dfsg-2_amd64.buildinfo Files: 64f9639acc462fe9f4317ecd1fff4064 4201 comm optional asterisk_16.16.1~dfsg-2.dsc c9f8767a901f071ccc9cb1601b0d0716 5953392 comm optional asterisk_16.16.1~dfsg-2.debian.tar.xz 4f3170154c94066df1d4dea5f5ebb5a2 27220 comm optional asterisk_16.16.1~dfsg-2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAmENQboRHGJlcm5pQGRl Ymlhbi5vcmcACgkQd1B55bhQvJO/vBAAlv3WzhViB/D4PT4kFgBe8bJRlqlQLj4A 4up4A5X03OBDipEe3XMK4U/h6zpVaJXxIjOQ5u8o8Y53GJhLwzp350AUKzruSH2w EThD+xdyUTJVmwxTr3mhUbtEW+yBkKB+zZitCWJFYQxzSrqfacISzszentOaba33 bjLtMrzb3HX9qn0BqGALm6o05Hc2AiU+zz3cwLr9dRo6njnxrGYgTAN0HT4erl9A n1hi7NctJ8qT0Ws093A0PvHmoCAFr51ap6vwfbAFbMXy8Ef/q9vCWqJRwkwWpBVc nOCNvwqAYKlduVeA+q06wLpwUNDWIpLo+irXfVsHubYXYpvnHFPfqrrhtxsI4+Z/ fPPCIu0sPZNx9/i6rQC4TQb3IgL4CjeOtv2YNwSbNCSsHvjyDYslL2jJphi18uai c7rwoL+MeF/5+XvgUSa3Vjc26kZSNBybxTHhyJn+fcFEOcgZUsK3IcL/dw8oPReZ giMguyPERAmlheeao2nl/vYeH29yu38ghlOFY6KUFHzwvGd8Su4vowDviCUO8Axm W6iAOxQtDKb87VW0uTLCSufwkQF1DLNkr2WsTrVQiKJ88Ugby2lW6hb8HGfxR9SZ gEUO150r5sfzqUFaz0Gj5l+dVfR/FmNRijZX5wx2BlQTBajTO38DiJ7pHIeAFSBE 3tluT8yVNG0= =jBZ0 -----END PGP SIGNATURE-----
--- End Message ---
