Your message dated Sat, 02 Sep 2006 10:17:06 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#385060: fixed in asterisk 1:1.2.11.dfsg-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: asterisk
Severity: grave
Tags: security
Justification: user security hole


Hi,

according to [1] asterisk 1.2.11 fixes a buffer overflow in the asterisk MGCP
implementation that allows an attacker to execute arbitrary code.

Since I don't use asterisk, I don't know whether this is actually included in
the Debian package. Please close or adjust the severity as appropriate.

Cheers,
Stefan

[1] http://secunia.com/advisories/21600/


--- End Message ---
--- Begin Message ---
Source: asterisk
Source-Version: 1:1.2.11.dfsg-1

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:

asterisk-bristuff_1.2.11.dfsg-1_i386.deb
  to pool/main/a/asterisk/asterisk-bristuff_1.2.11.dfsg-1_i386.deb
asterisk-classic_1.2.11.dfsg-1_i386.deb
  to pool/main/a/asterisk/asterisk-classic_1.2.11.dfsg-1_i386.deb
asterisk-config_1.2.11.dfsg-1_all.deb
  to pool/main/a/asterisk/asterisk-config_1.2.11.dfsg-1_all.deb
asterisk-dev_1.2.11.dfsg-1_all.deb
  to pool/main/a/asterisk/asterisk-dev_1.2.11.dfsg-1_all.deb
asterisk-doc_1.2.11.dfsg-1_all.deb
  to pool/main/a/asterisk/asterisk-doc_1.2.11.dfsg-1_all.deb
asterisk-h323_1.2.11.dfsg-1_i386.deb
  to pool/main/a/asterisk/asterisk-h323_1.2.11.dfsg-1_i386.deb
asterisk-sounds-main_1.2.11.dfsg-1_all.deb
  to pool/main/a/asterisk/asterisk-sounds-main_1.2.11.dfsg-1_all.deb
asterisk-web-vmail_1.2.11.dfsg-1_all.deb
  to pool/main/a/asterisk/asterisk-web-vmail_1.2.11.dfsg-1_all.deb
asterisk_1.2.11.dfsg-1.diff.gz
  to pool/main/a/asterisk/asterisk_1.2.11.dfsg-1.diff.gz
asterisk_1.2.11.dfsg-1.dsc
  to pool/main/a/asterisk/asterisk_1.2.11.dfsg-1.dsc
asterisk_1.2.11.dfsg-1_all.deb
  to pool/main/a/asterisk/asterisk_1.2.11.dfsg-1_all.deb
asterisk_1.2.11.dfsg.orig.tar.gz
  to pool/main/a/asterisk/asterisk_1.2.11.dfsg.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mark Purcell <[EMAIL PROTECTED]> (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat,  2 Sep 2006 13:01:02 +0100
Source: asterisk
Binary: asterisk-h323 asterisk-web-vmail asterisk asterisk-classic asterisk-dev asterisk-doc asterisk-sounds-main asterisk-bristuff asterisk-config
Architecture: source all i386
Version: 1:1.2.11.dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian VoIP Team <[EMAIL PROTECTED]>
Changed-By: Mark Purcell <[EMAIL PROTECTED]>
Description: 
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-bristuff - Open Source Private Branch Exchange (PBX) - BRIstuff-enabled vers
 asterisk-classic - Open Source Private Branch Exchange (PBX) - original Digium versi
 asterisk-config - config files for asterisk
 asterisk-dev - development files for asterisk
 asterisk-doc - documentation for asterisk
 asterisk-h323 - asterisk H.323 VoIP channel
 asterisk-sounds-main - sound files for asterisk
 asterisk-web-vmail - Web-based (CGI) voice mail interface for Asterisk
Closes: 384283 385060
Changes: 
 asterisk (1:1.2.11.dfsg-1) unstable; urgency=high
 .
   [ Tzafrir Cohen]
   * apprecord_sprintf.dpatch: fix format string issue in app_record.so .
 .
   [ Mark Purcell ]
   * New Upstream Release
   * Urgency high as fixes CVE-2006-4346
   * CVE-2006-4346: Asterisk MGCP AUEP Response Handling Buffer
     Overflow (Closes: Bug#385060)
   * Please package Asterisk 1.2.11 and Zaptel 1.2.8 (Closes: #384283)
   * Better error handling on init.d reload, if asterisk isn't running
   * Lintian cleanup: not-binnmuable-any-depends-all
   * Lintian cleanup: not-binnmuable-all-depends-any
   * Use restart in asterisk_fix

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE+beooCzanz0IthIRAtApAJ9a9DyNN1Rt4eFeogBJvhanVS/8HACeJJh5
GdYwFUOBFdfBmNqkYAi1aSE=
=EUo1
-----END PGP SIGNATURE-----


--- End Message ---