asterisk: CVE-2014-2286 CVE-2014-2287

Related Vulnerabilities: CVE-2014-2286, CVE-2014-2287

Debian Bug report logs - #741313
asterisk: CVE-2014-2286 CVE-2014-2287

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Tue, 11 Mar 2014 05:54:02 UTC

Severity: grave

Tags: security

Fixed in version asterisk/1:11.8.1~dfsg-1

Done: Jeremy Lainé <jeremy.laine@m4x.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>:
Bug#741313; Package asterisk. (Tue, 11 Mar 2014 05:54:07 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>. (Tue, 11 Mar 2014 05:54:07 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: asterisk: CVE-2014-2286 CVE-2014-2287
Date: Tue, 11 Mar 2014 06:40:54 +0100
Package: asterisk
Severity: grave
Tags: security
Justification: user security hole

Hi,
please see 
http://downloads.asterisk.org/pub/security/AST-2014-002.html and
http://downloads.asterisk.org/pub/security/AST-2014-001.html

Cheers,
        Moritz



Reply sent to Jeremy Lainé <jeremy.laine@m4x.org>:
You have taken responsibility. (Tue, 11 Mar 2014 07:21:10 GMT).


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Tue, 11 Mar 2014 07:21:10 GMT).


Message #10 received at 741313-close@bugs.debian.org:

From: Jeremy Lainé <jeremy.laine@m4x.org>
To: 741313-close@bugs.debian.org
Subject: Bug#741313: fixed in asterisk 1:11.8.1~dfsg-1
Date: Tue, 11 Mar 2014 07:19:06 +0000
Source: asterisk
Source-Version: 1:11.8.1~dfsg-1

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 741313@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jeremy Lainé <jeremy.laine@m4x.org> (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 11 Mar 2014 07:44:54 +0100
Source: asterisk
Binary: asterisk asterisk-modules asterisk-dahdi asterisk-vpb asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh423 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-doc asterisk-dev asterisk-dbg asterisk-config
Architecture: source amd64 all
Version: 1:11.8.1~dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Jeremy Lainé <jeremy.laine@m4x.org>
Description: 
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dahdi - DAHDI devices support for the Asterisk PBX
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-mobile - Bluetooth phone support for the Asterisk PBX
 asterisk-modules - loadable modules for the Asterisk PBX
 asterisk-mp3 - MP3 playback support for the Asterisk PBX
 asterisk-mysql - MySQL database protocol support for the Asterisk PBX
 asterisk-ooh423 - H.323 protocol support for the Asterisk PBX - ooH323c
 asterisk-voicemail - simple voicemail support for the Asterisk PBX
 asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
 asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
 asterisk-vpb - VoiceTronix devices support for the Asterisk PBX
Closes: 741313
Changes: 
 asterisk (1:11.8.1~dfsg-1) unstable; urgency=high
 .
   * New upstream security release (Closes: #741313).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlMetAIACgkQ4mJJZqJp2SftfgCgi0u7hJ215yOPdsdfmNOFUvla
pbkAnAnKdfDOLQzrVzlHN/DeGche4CTx
=QGtD
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 10 Apr 2014 07:25:38 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:10:23 2019; Machine Name: buxtehude
