[CVE-2012-1183 - CVE-2012-1184] Asterisk: AST-2012-002 and AST-2012-003 flaws

Related Vulnerabilities: CVE-2012-1183   CVE-2012-1184   CVE-2012-2414   CVE-2012-2415  

Debian Bug report logs - #664411

Reported by: Luciano Bello <luciano@debian.org>

Date: Sat, 17 Mar 2012 17:30:04 UTC

Severity: grave

Tags: patch, security

Fixed in versions asterisk/1:1.8.10.0~dfsg-1, asterisk/1:1.8.10.1~dfsg-1, asterisk/1:1.6.2.9-2+squeeze5

Done: Tzafrir Cohen <tzafrir@debian.org>

Bug is archived. No further changes may be made.


Information forwarded to debian-bugs-dist@lists.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>:
Bug#664411; Package asterisk. (Sat, 17 Mar 2012 17:30:07 GMT)


Acknowledgement sent to Luciano Bello <luciano@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>. (Sat, 17 Mar 2012 17:30:07 GMT)


Message #5 received at submit@bugs.debian.org:

From: Luciano Bello <luciano@debian.org>
To: submit@bugs.debian.org
Subject: [CVE-2012-1183 - CVE-2012-1184] Asterisk: AST-2012-002 and AST-2012-003 flaws
Date: Sat, 17 Mar 2012 18:27:12 +0100
Package: asterisk
Severity: grave
Tags: security patch

The following vulnerability had been reported against asterisk: 
http://www.openwall.com/lists/oss-security/2012/03/16/10

The patch can be found in the report.

They are referred to as AST-2012-002 and AST-2012-003. Please use CVE-2012-1183 and
CVE-2012-1184, respectively.

Cheers,
luciano

Added tag(s) pending. Request was from Mark Purcell <mark@purcell.id.au> to control@bugs.debian.org. (Sat, 17 Mar 2012 23:09:05 GMT)


Reply sent to Mark Purcell <msp@debian.org>:
You have taken responsibility. (Sun, 18 Mar 2012 07:21:35 GMT)


Notification sent to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer. (Sun, 18 Mar 2012 07:21:35 GMT)


Message #12 received at 664411-close@bugs.debian.org:

From: Mark Purcell <msp@debian.org>
To: 664411-close@bugs.debian.org
Subject: Bug#664411: fixed in asterisk 1:1.8.10.0~dfsg-1
Date: Sun, 18 Mar 2012 07:17:42 +0000
Source: asterisk
Source-Version: 1:1.8.10.0~dfsg-1

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:

asterisk-config_1.8.10.0~dfsg-1_all.deb
  to main/a/asterisk/asterisk-config_1.8.10.0~dfsg-1_all.deb
asterisk-dahdi_1.8.10.0~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-dahdi_1.8.10.0~dfsg-1_amd64.deb
asterisk-dbg_1.8.10.0~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-dbg_1.8.10.0~dfsg-1_amd64.deb
asterisk-dev_1.8.10.0~dfsg-1_all.deb
  to main/a/asterisk/asterisk-dev_1.8.10.0~dfsg-1_all.deb
asterisk-doc_1.8.10.0~dfsg-1_all.deb
  to main/a/asterisk/asterisk-doc_1.8.10.0~dfsg-1_all.deb
asterisk-mobile_1.8.10.0~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-mobile_1.8.10.0~dfsg-1_amd64.deb
asterisk-modules_1.8.10.0~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-modules_1.8.10.0~dfsg-1_amd64.deb
asterisk-mp3_1.8.10.0~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-mp3_1.8.10.0~dfsg-1_amd64.deb
asterisk-mysql_1.8.10.0~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-mysql_1.8.10.0~dfsg-1_amd64.deb
asterisk-ooh423_1.8.10.0~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-ooh423_1.8.10.0~dfsg-1_amd64.deb
asterisk-voicemail-imapstorage_1.8.10.0~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-voicemail-imapstorage_1.8.10.0~dfsg-1_amd64.deb
asterisk-voicemail-odbcstorage_1.8.10.0~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-voicemail-odbcstorage_1.8.10.0~dfsg-1_amd64.deb
asterisk-voicemail_1.8.10.0~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-voicemail_1.8.10.0~dfsg-1_amd64.deb
asterisk_1.8.10.0~dfsg-1.debian.tar.gz
  to main/a/asterisk/asterisk_1.8.10.0~dfsg-1.debian.tar.gz
asterisk_1.8.10.0~dfsg-1.dsc
  to main/a/asterisk/asterisk_1.8.10.0~dfsg-1.dsc
asterisk_1.8.10.0~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk_1.8.10.0~dfsg-1_amd64.deb
asterisk_1.8.10.0~dfsg.orig.tar.gz
  to main/a/asterisk/asterisk_1.8.10.0~dfsg.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 664411@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mark Purcell <msp@debian.org> (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sun, 18 Mar 2012 16:47:35 +1100
Source: asterisk
Binary: asterisk asterisk-modules asterisk-dahdi asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh423 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-doc asterisk-dev asterisk-dbg asterisk-config
Architecture: source all amd64
Version: 1:1.8.10.0~dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Mark Purcell <msp@debian.org>
Description: 
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dahdi - DAHDI devices support for the Asterisk PBX
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-mobile - Bluetooth phone support for the Asterisk PBX
 asterisk-modules - loadable modules for the Asterisk PBX
 asterisk-mp3 - MP3 playback support for the Asterisk PBX
 asterisk-mysql - MySQL database protocol support for the Asterisk PBX
 asterisk-ooh423 - H.323 protocol support for the Asterisk PBX - ooH323c
 asterisk-voicemail - simple voicemail support for the Asterisk PBX
 asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
 asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
Closes: 402991 481702 531759 542741 577686 610811 612147 632518 643703 660240 661974 663998 664086 664411
Changes: 
 asterisk (1:1.8.10.0~dfsg-1) unstable; urgency=low
 .
   [ Tzafrir Cohen ]
   * New upstream release.
   * Build-depend on sqlite3 as well (Closes: #531759).
 .
   [ Paul Belanger ]
   * debian/patch/chan_iax2-detach-thread-on-non-stop-exit:
     - Dropped; merged upstream
 .
   [ Mark Purcell ]
   * New Release:
     - Fixes "SHA-1 code is doesn't allow modification" (Closes: #643703)
     - Fixes "[CVE-2012-1183 - CVE-2012-1184] Asterisk: AST-2012-002 and
     AST-2012-003 flaws" (Closes: #664411)
     - Fixes "Placing calls on hold fails with some IP phones" (Closes: #632518)
     - Fixes "Pass the correct value to ast_timer_set_rate() for IAX2
     trunking." (Closes: #661974)
     - Fixes "Call quality on IAX significantly worse than SIP" (Closes: #481702)
     - Fixes "New upstream release: 1.8.2.2" (Closes: #610811)
     - Fixes "asterisk german number pronunciation" (Closes: #402991)
     - Fixes "Why using version 1.6.2.9 - it's not LTS" (Closes: #612147)
     - Fixes "SRTP/ZRTP support for Asterisk" (Closes: #577686)
     - Fixes "fails to register SIP channels on ARM"  (Closes: #660240)
   * Fix "Planned gmime 2.4 removal" Updated Build-Depends: (Closes: #663998)
   * export CFLAGS LDFLAGS
     - Fixes "Hardening flags missing for menuselect" (Closes: #664086)
     - Fixes "enable hardening options" (Closes: #542741)

Information forwarded to debian-bugs-dist@lists.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>:
Bug#664411; Package asterisk. (Sun, 18 Mar 2012 15:21:03 GMT)


Acknowledgement sent to Tzafrir Cohen <tzafrir.cohen@xorcom.com>:
Extra info received and forwarded to list. Copy sent to Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>. (Sun, 18 Mar 2012 15:21:03 GMT)


Message #17 received at 664411@bugs.debian.org:

From: Tzafrir Cohen <tzafrir.cohen@xorcom.com>
To: 664411@bugs.debian.org
Subject: #664411: asterisk: not done: ([CVE-2012-1183 - CVE-2012-1184] Asterisk: AST-2012-002 and AST-2012-003 flaws)
Date: Sun, 18 Mar 2012 17:19:18 +0200
reopen 664411
thanks

We can't let such a good bug number get closed so fast, can we?

Anyway, the issue was fixed in 1.8.10.1, not 1.8.10.0 . Note that
the first of those issues should also be fixed in the Squeeze package.

Also: sorry for the delay in handling this. Working on it now.

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.cohen@xorcom.com
+972-50-7952406           mailto:tzafrir.cohen@xorcom.com
http://www.xorcom.com  iax:guest@local.xorcom.com/tzafrir




Reply sent to Mark Purcell <msp@debian.org>:
You have taken responsibility. (Sat, 31 Mar 2012 02:51:12 GMT)


Notification sent to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer. (Sat, 31 Mar 2012 02:51:12 GMT)


Message #22 received at 664411-close@bugs.debian.org:

From: Mark Purcell <msp@debian.org>
To: 664411-close@bugs.debian.org
Subject: Bug#664411: fixed in asterisk 1:1.8.10.1~dfsg-1
Date: Sat, 31 Mar 2012 02:48:02 +0000
Source: asterisk
Source-Version: 1:1.8.10.1~dfsg-1

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:

asterisk-config_1.8.10.1~dfsg-1_all.deb
  to main/a/asterisk/asterisk-config_1.8.10.1~dfsg-1_all.deb
asterisk-dahdi_1.8.10.1~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-dahdi_1.8.10.1~dfsg-1_amd64.deb
asterisk-dbg_1.8.10.1~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-dbg_1.8.10.1~dfsg-1_amd64.deb
asterisk-dev_1.8.10.1~dfsg-1_all.deb
  to main/a/asterisk/asterisk-dev_1.8.10.1~dfsg-1_all.deb
asterisk-doc_1.8.10.1~dfsg-1_all.deb
  to main/a/asterisk/asterisk-doc_1.8.10.1~dfsg-1_all.deb
asterisk-mobile_1.8.10.1~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-mobile_1.8.10.1~dfsg-1_amd64.deb
asterisk-modules_1.8.10.1~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-modules_1.8.10.1~dfsg-1_amd64.deb
asterisk-mp3_1.8.10.1~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-mp3_1.8.10.1~dfsg-1_amd64.deb
asterisk-mysql_1.8.10.1~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-mysql_1.8.10.1~dfsg-1_amd64.deb
asterisk-ooh423_1.8.10.1~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-ooh423_1.8.10.1~dfsg-1_amd64.deb
asterisk-voicemail-imapstorage_1.8.10.1~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-voicemail-imapstorage_1.8.10.1~dfsg-1_amd64.deb
asterisk-voicemail-odbcstorage_1.8.10.1~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-voicemail-odbcstorage_1.8.10.1~dfsg-1_amd64.deb
asterisk-voicemail_1.8.10.1~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-voicemail_1.8.10.1~dfsg-1_amd64.deb
asterisk_1.8.10.1~dfsg-1.debian.tar.gz
  to main/a/asterisk/asterisk_1.8.10.1~dfsg-1.debian.tar.gz
asterisk_1.8.10.1~dfsg-1.dsc
  to main/a/asterisk/asterisk_1.8.10.1~dfsg-1.dsc
asterisk_1.8.10.1~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk_1.8.10.1~dfsg-1_amd64.deb
asterisk_1.8.10.1~dfsg.orig.tar.gz
  to main/a/asterisk/asterisk_1.8.10.1~dfsg.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 664411@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mark Purcell <msp@debian.org> (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sat, 31 Mar 2012 08:44:57 +1100
Source: asterisk
Binary: asterisk asterisk-modules asterisk-dahdi asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh423 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-doc asterisk-dev asterisk-dbg asterisk-config
Architecture: source all amd64
Version: 1:1.8.10.1~dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Mark Purcell <msp@debian.org>
Description: 
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dahdi - DAHDI devices support for the Asterisk PBX
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-mobile - Bluetooth phone support for the Asterisk PBX
 asterisk-modules - loadable modules for the Asterisk PBX
 asterisk-mp3 - MP3 playback support for the Asterisk PBX
 asterisk-mysql - MySQL database protocol support for the Asterisk PBX
 asterisk-ooh423 - H.323 protocol support for the Asterisk PBX - ooH323c
 asterisk-voicemail - simple voicemail support for the Asterisk PBX
 asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
 asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
Closes: 663998 664004 664411 665937
Changes: 
 asterisk (1:1.8.10.1~dfsg-1) unstable; urgency=low
 .
   [ Victor Seva ]
   * Update backports/squeeze script gmime2.6 -> gmime2.4
 .
   [ Tzafrir Cohen ]
   * New upstream bug-fix release.
     - Fixes "[CVE-2012-1183 - CVE-2012-1184] Asterisk: AST-2012-002 and
       AST-2012-003 flaws" (Closes: #664411).
   * Patch gmime2.6 (Closes: #663998, #664004), also fixed Build-Depends.
   * Remove the text of RFC 3951 from the tarball. (Closes: #665937)

Reply sent to Tzafrir Cohen <tzafrir@debian.org>:
You have taken responsibility. (Wed, 25 Apr 2012 19:51:17 GMT)


Notification sent to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer. (Wed, 25 Apr 2012 19:51:17 GMT)


Message #27 received at 664411-close@bugs.debian.org:

From: Tzafrir Cohen <tzafrir@debian.org>
To: 664411-close@bugs.debian.org
Subject: Bug#664411: fixed in asterisk 1:1.6.2.9-2+squeeze5
Date: Wed, 25 Apr 2012 19:47:12 +0000
Source: asterisk
Source-Version: 1:1.6.2.9-2+squeeze5

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:

asterisk-config_1.6.2.9-2+squeeze5_all.deb
  to main/a/asterisk/asterisk-config_1.6.2.9-2+squeeze5_all.deb
asterisk-dbg_1.6.2.9-2+squeeze5_amd64.deb
  to main/a/asterisk/asterisk-dbg_1.6.2.9-2+squeeze5_amd64.deb
asterisk-dev_1.6.2.9-2+squeeze5_all.deb
  to main/a/asterisk/asterisk-dev_1.6.2.9-2+squeeze5_all.deb
asterisk-doc_1.6.2.9-2+squeeze5_all.deb
  to main/a/asterisk/asterisk-doc_1.6.2.9-2+squeeze5_all.deb
asterisk-h423_1.6.2.9-2+squeeze5_amd64.deb
  to main/a/asterisk/asterisk-h423_1.6.2.9-2+squeeze5_amd64.deb
asterisk-sounds-main_1.6.2.9-2+squeeze5_all.deb
  to main/a/asterisk/asterisk-sounds-main_1.6.2.9-2+squeeze5_all.deb
asterisk_1.6.2.9-2+squeeze5.debian.tar.gz
  to main/a/asterisk/asterisk_1.6.2.9-2+squeeze5.debian.tar.gz
asterisk_1.6.2.9-2+squeeze5.dsc
  to main/a/asterisk/asterisk_1.6.2.9-2+squeeze5.dsc
asterisk_1.6.2.9-2+squeeze5_amd64.deb
  to main/a/asterisk/asterisk_1.6.2.9-2+squeeze5_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 664411@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tzafrir Cohen <tzafrir@debian.org> (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Wed, 25 Apr 2012 12:00:20 +0300
Source: asterisk
Binary: asterisk asterisk-h423 asterisk-doc asterisk-dev asterisk-dbg asterisk-sounds-main asterisk-config
Architecture: source all amd64
Version: 1:1.6.2.9-2+squeeze5
Distribution: stable-security
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Tzafrir Cohen <tzafrir@debian.org>
Description: 
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-h423 - H.323 protocol support for Asterisk
 asterisk-sounds-main - Core Sound files for Asterisk (English)
Closes: 656208 664411 670180
Changes: 
 asterisk (1:1.6.2.9-2+squeeze5) stable-security; urgency=high
 .
   * Do include patch AST-2011-014.
   * Quote paths in postinst script: Closes: #656208 (Pocos).
   * Patch AST-2012-002 Stack overflow in Milliwatt
     (CVE-2012-1183): Closes: #664411.
   * Two extra patches: Closes: #670180:
     - Patch AST-2012-004 - further Manager permission fixes (CVE-2012-2414).
     - Patch AST-2012-005 - Heap overflow in chan_skinny (CVE-2012-2415).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 24 May 2012 07:34:23 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:05:26 2019; Machine Name: beach