Your message dated Tue, 24 Oct 2006 23:32:19 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#395080: fixed in asterisk 1:1.2.13~dfsg-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: asterisk
Severity: grave
Tags: security
A heap-based buffer overflow vulnerability has been found in the
skinny module of asterisk. It is fixed in 1.2.13 and 1.0.12.
See
http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html
http://secunia.com/advisories/22480/
for details.
--- End Message ---
--- Begin Message ---
Source: asterisk
Source-Version: 1:1.2.13~dfsg-1
We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:
asterisk-bristuff_1.2.13~dfsg-1_i386.deb
to pool/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-1_i386.deb
asterisk-classic_1.2.13~dfsg-1_i386.deb
to pool/main/a/asterisk/asterisk-classic_1.2.13~dfsg-1_i386.deb
asterisk-config_1.2.13~dfsg-1_all.deb
to pool/main/a/asterisk/asterisk-config_1.2.13~dfsg-1_all.deb
asterisk-dev_1.2.13~dfsg-1_all.deb
to pool/main/a/asterisk/asterisk-dev_1.2.13~dfsg-1_all.deb
asterisk-doc_1.2.13~dfsg-1_all.deb
to pool/main/a/asterisk/asterisk-doc_1.2.13~dfsg-1_all.deb
asterisk-h323_1.2.13~dfsg-1_i386.deb
to pool/main/a/asterisk/asterisk-h323_1.2.13~dfsg-1_i386.deb
asterisk-sounds-main_1.2.13~dfsg-1_all.deb
to pool/main/a/asterisk/asterisk-sounds-main_1.2.13~dfsg-1_all.deb
asterisk-web-vmail_1.2.13~dfsg-1_all.deb
to pool/main/a/asterisk/asterisk-web-vmail_1.2.13~dfsg-1_all.deb
asterisk_1.2.13~dfsg-1.diff.gz
to pool/main/a/asterisk/asterisk_1.2.13~dfsg-1.diff.gz
asterisk_1.2.13~dfsg-1.dsc
to pool/main/a/asterisk/asterisk_1.2.13~dfsg-1.dsc
asterisk_1.2.13~dfsg-1_all.deb
to pool/main/a/asterisk/asterisk_1.2.13~dfsg-1_all.deb
asterisk_1.2.13~dfsg.orig.tar.gz
to pool/main/a/asterisk/asterisk_1.2.13~dfsg.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mark Purcell <[EMAIL PROTECTED]> (supplier of updated asterisk package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 25 Oct 2006 06:46:52 +0100
Source: asterisk
Binary: asterisk-h323 asterisk-web-vmail asterisk asterisk-classic asterisk-dev
asterisk-doc asterisk-sounds-main asterisk-bristuff asterisk-config
Architecture: source all i386
Version: 1:1.2.13~dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian VoIP Team <[EMAIL PROTECTED]>
Changed-By: Mark Purcell <[EMAIL PROTECTED]>
Description:
asterisk - Open Source Private Branch Exchange (PBX)
asterisk-bristuff - Open Source Private Branch Exchange (PBX) - BRIstuff-enabled vers
asterisk-classic - Open Source Private Branch Exchange (PBX) - original Digium versi
asterisk-config - config files for asterisk
asterisk-dev - development files for asterisk
asterisk-doc - documentation for asterisk
asterisk-h323 - asterisk H.323 VoIP channel
asterisk-sounds-main - sound files for asterisk
asterisk-web-vmail - Web-based (CGI) voice mail interface for Asterisk
Closes: 338116 342138 348194 375141 386113 389376 394025 394122 395080
Changes:
asterisk (1:1.2.13~dfsg-1) unstable; urgency=high
.
[ Kilian Krause ]
* Fixup dfsg versions with increased upstream build count.
.
[ Santiago Ruano Rincón ]
* Added cdr_sqlite3_custom dpatch
.
[ Mark Purcell ]
* New upstream release
- Remote compromise (Closes: #394025)
- CVE-2006-5444/5: security issues in asterisk (Closes: #395080)
- Urgency high as this fixes remote compromise security issue
- Information disclosure of voice mail messages through vmail.cgi
(Closes: #338116)
- package asterisk-dev should contain asterisk.h main header (Closes: #342138)
- format_ogg_vorbis.so was present in i386, no longer in packages
(Closes: #375141)
* Update debian/patches/bristuff.dpatch
* bristuff-0.3.0-PRE-1v
- Please package bristuff 0.3.0PREu (Closes: #394122)
- please include app_pickup.c from bristuff (Closes: #348194)
* Build Depends: dpkg ( >= 1.13.19)
- Asterisk must build-depend upon dpkg ( >= 1.13.19) (Closes: #386113)
* Build-Depends: libpq-dev
- obsolete build dependency postgresql-dev (Closes: #389376)
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFPv4ToCzanz0IthIRAlenAJ9wJZlZlwJB7pGtrhrC916T9FZprACfYtx+
fpIysXNrCHdbPtaFLWqZfL8=
=y4D5
-----END PGP SIGNATURE-----
--- End Message ---