AST-2011-007 remote crash in SIP driver

Related Vulnerabilities: CVE-2011-2216  

Debian Bug report logs - #629130

Reported by: "Thijs Kinkhorst" <thijs@debian.org>

Date: Fri, 3 Jun 2011 18:18:05 UTC

Severity: serious

Tags: security

Found in version asterisk/1:1.8.3.3-1

Fixed in version asterisk/1:1.8.4.2-1

Done: Tzafrir Cohen <tzafrir@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>:
Bug#629130; Package asterisk. (Fri, 03 Jun 2011 18:18:08 GMT).


Acknowledgement sent to "Thijs Kinkhorst" <thijs@debian.org>:
New Bug report received and forwarded. Copy sent to Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>. (Fri, 03 Jun 2011 18:18:08 GMT).


Message #5 received at submit@bugs.debian.org:

From: "Thijs Kinkhorst" <thijs@debian.org>
To: submit@bugs.debian.org
Subject: AST-2011-007 remote crash in SIP driver
Date: Fri, 3 Jun 2011 20:17:09 +0200
Package: asterisk
Version: 1:1.8.3.3-1
Severity: serious
Tags: security

Hi,

A remote DoS was reported in AST-2011-007:
http://downloads.asterisk.org/pub/security/AST-2011-007.html

This affects only the version in unstable; this bug will prevent migration
of that version until fixed. Please mention CVE-2011-2216 in your
changelog when correcting this issue.


Cheers,
Thijs




Reply sent to Tzafrir Cohen <tzafrir@debian.org>:
You have taken responsibility. (Fri, 03 Jun 2011 23:21:25 GMT).


Notification sent to "Thijs Kinkhorst" <thijs@debian.org>:
Bug acknowledged by developer. (Fri, 03 Jun 2011 23:21:25 GMT).


Message #10 received at 629130-close@bugs.debian.org:

From: Tzafrir Cohen <tzafrir@debian.org>
To: 629130-close@bugs.debian.org
Subject: Bug#629130: fixed in asterisk 1:1.8.4.2-1
Date: Fri, 03 Jun 2011 23:17:40 +0000
Source: asterisk
Source-Version: 1:1.8.4.2-1

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:

asterisk-config_1.8.4.2-1_all.deb
  to main/a/asterisk/asterisk-config_1.8.4.2-1_all.deb
asterisk-dahdi_1.8.4.2-1_amd64.deb
  to main/a/asterisk/asterisk-dahdi_1.8.4.2-1_amd64.deb
asterisk-dbg_1.8.4.2-1_amd64.deb
  to main/a/asterisk/asterisk-dbg_1.8.4.2-1_amd64.deb
asterisk-dev_1.8.4.2-1_all.deb
  to main/a/asterisk/asterisk-dev_1.8.4.2-1_all.deb
asterisk-doc_1.8.4.2-1_all.deb
  to main/a/asterisk/asterisk-doc_1.8.4.2-1_all.deb
asterisk-h423_1.8.4.2-1_amd64.deb
  to main/a/asterisk/asterisk-h423_1.8.4.2-1_amd64.deb
asterisk-mobile_1.8.4.2-1_amd64.deb
  to main/a/asterisk/asterisk-mobile_1.8.4.2-1_amd64.deb
asterisk-modules_1.8.4.2-1_amd64.deb
  to main/a/asterisk/asterisk-modules_1.8.4.2-1_amd64.deb
asterisk-mp3_1.8.4.2-1_amd64.deb
  to main/a/asterisk/asterisk-mp3_1.8.4.2-1_amd64.deb
asterisk-mysql_1.8.4.2-1_amd64.deb
  to main/a/asterisk/asterisk-mysql_1.8.4.2-1_amd64.deb
asterisk-ooh423_1.8.4.2-1_amd64.deb
  to main/a/asterisk/asterisk-ooh423_1.8.4.2-1_amd64.deb
asterisk-voicemail-imapstorage_1.8.4.2-1_amd64.deb
  to main/a/asterisk/asterisk-voicemail-imapstorage_1.8.4.2-1_amd64.deb
asterisk-voicemail-odbcstorage_1.8.4.2-1_amd64.deb
  to main/a/asterisk/asterisk-voicemail-odbcstorage_1.8.4.2-1_amd64.deb
asterisk-voicemail_1.8.4.2-1_amd64.deb
  to main/a/asterisk/asterisk-voicemail_1.8.4.2-1_amd64.deb
asterisk_1.8.4.2-1.debian.tar.gz
  to main/a/asterisk/asterisk_1.8.4.2-1.debian.tar.gz
asterisk_1.8.4.2-1.dsc
  to main/a/asterisk/asterisk_1.8.4.2-1.dsc
asterisk_1.8.4.2-1_amd64.deb
  to main/a/asterisk/asterisk_1.8.4.2-1_amd64.deb
asterisk_1.8.4.2.orig.tar.gz
  to main/a/asterisk/asterisk_1.8.4.2.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 629130@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tzafrir Cohen <tzafrir@debian.org> (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Fri, 03 Jun 2011 23:20:29 +0300
Source: asterisk
Binary: asterisk asterisk-modules asterisk-h423 asterisk-dahdi asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh423 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-doc asterisk-dev asterisk-dbg asterisk-config
Architecture: source all amd64
Version: 1:1.8.4.2-1
Distribution: unstable
Urgency: low
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Tzafrir Cohen <tzafrir@debian.org>
Description: 
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dahdi - DAHDI devices support for the Asterisk PBX
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-h423 - H.323 protocol support for the Asterisk PBX
 asterisk-mobile - Bluetooth phone support for the Asterisk PBX
 asterisk-modules - loadable modules for the Asterisk PBX
 asterisk-mp3 - MP3 playback support for the Asterisk PBX (DUMMY)
 asterisk-mysql - MySQL database protocol support for the Asterisk PBX
 asterisk-ooh423 - H.323 protocol support for the Asterisk PBX - ooH323c
 asterisk-voicemail - simple voicemail support for the Asterisk PBX
 asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
 asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
Closes: 629130
Changes: 
 asterisk (1:1.8.4.2-1) unstable; urgency=low
 .
   * New upstream point release:
     - Fixes CVE-2011-2216 - AST-2011-007 (Closes: #629130).
   * Patch gcc46: Fix the induced regression.
   * Blacklist SRTP support on Sparc and hurd-i386 until SRTP available there.





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 03 Jul 2011 07:34:34 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:10:55 2019; Machine Name: buxtehude
