asterisk: CVE-2014-6610: Remote crash when handling out of call message in certain dialplan configurations

Related Vulnerabilities: CVE-2014-6610  

Debian Bug report logs - #762164

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 19 Sep 2014 07:03:02 UTC

Severity: important

Tags: fixed-upstream, patch, security, upstream

Fixed in version asterisk/1:11.12.1~dfsg-1

Done: Jeremy Lainé <jeremy.laine@m4x.org>

Bug is archived. No further changes may be made.

Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>:
Bug#762164; Package src:asterisk. (Fri, 19 Sep 2014 07:03:06 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>. (Fri, 19 Sep 2014 07:03:07 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: asterisk: CVE-2014-6610: Remote crash when handling out of call message in certain dialplan configurations
Date: Fri, 19 Sep 2014 09:01:49 +0200
Source: asterisk
Severity: important
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for asterisk.

CVE-2014-6610[0]:
Remote crash when handling out of call message in certain dialplan configurations

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-6610
[1] http://downloads.asterisk.org/pub/security/AST-2014-010.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Reply sent to Jeremy Lainé <jeremy.laine@m4x.org>:
You have taken responsibility. (Mon, 22 Sep 2014 09:21:09 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 22 Sep 2014 09:21:09 GMT)


Message #10 received at 762164-close@bugs.debian.org:

From: Jeremy Lainé <jeremy.laine@m4x.org>
To: 762164-close@bugs.debian.org
Subject: Bug#762164: fixed in asterisk 1:11.12.1~dfsg-1
Date: Mon, 22 Sep 2014 09:19:45 +0000
Source: asterisk
Source-Version: 1:11.12.1~dfsg-1

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 762164@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jeremy Lainé <jeremy.laine@m4x.org> (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 22 Sep 2014 09:53:31 +0200
Source: asterisk
Binary: asterisk asterisk-modules asterisk-dahdi asterisk-vpb asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh423 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-doc asterisk-dev asterisk-dbg asterisk-config
Architecture: source amd64 all
Version: 1:11.12.1~dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Jeremy Lainé <jeremy.laine@m4x.org>
Description:
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dahdi - DAHDI devices support for the Asterisk PBX
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-mobile - Bluetooth phone support for the Asterisk PBX
 asterisk-modules - loadable modules for the Asterisk PBX
 asterisk-mp3 - MP3 playback support for the Asterisk PBX
 asterisk-mysql - MySQL database protocol support for the Asterisk PBX
 asterisk-ooh423 - H.323 protocol support for the Asterisk PBX - ooH323c
 asterisk-voicemail - simple voicemail support for the Asterisk PBX
 asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
 asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
 asterisk-vpb - VoiceTronix devices support for the Asterisk PBX
Closes: 762164
Changes:
 asterisk (1:11.12.1~dfsg-1) unstable; urgency=high
 .
   * New upstream security release, fixes:
     - AST-2014-010 a.k.a. CVE-2014-6610 (Closes: #762164).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 30 Oct 2014 07:33:10 GMT)

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:48:53 2019; Machine Name: buxtehude