asterisk: CVE-2016-7550: AST-2016-006

Related Vulnerabilities: CVE-2016-7550   CVE-2016-7551  

Debian Bug report logs - #838833

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sun, 25 Sep 2016 15:03:02 UTC

Severity: grave

Tags: security, upstream

Found in version asterisk/1:13.10.0~dfsg-1

Fixed in version asterisk/1:13.11.2~dfsg-1

Done: Bernhard Schmidt <berni@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>:
Bug#838833; Package src:asterisk. (Sun, 25 Sep 2016 15:03:04 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>. (Sun, 25 Sep 2016 15:03:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: asterisk: AST-2016-006
Date: Sun, 25 Sep 2016 16:59:00 +0200
Source: asterisk
Version: 1:13.10.0~dfsg-1
Severity: grave
Tags: security upstream

Hi

See the upstream advisory at
http://downloads.asterisk.org/pub/security/AST-2016-006.html . AFAICS,
still no CVE was assigned for this issue.

Regards,
Salvatore



Changed Bug title to 'asterisk: CVE-2016-7550: AST-2016-006' from 'asterisk: AST-2016-006'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 26 Sep 2016 05:15:03 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>:
Bug#838833; Package src:asterisk. (Sat, 15 Oct 2016 08:45:03 GMT).


Acknowledgement sent to Petter Reinholdtsen <pere@hungry.com>:
Extra info received and forwarded to list. Copy sent to Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>. (Sat, 15 Oct 2016 08:45:03 GMT).


Message #12 received at 838833@bugs.debian.org:

From: Petter Reinholdtsen <pere@hungry.com>
To: 838833@bugs.debian.org
Subject: Re: asterisk: AST-2016-006
Date: Sat, 15 Oct 2016 10:41:27 +0200

The issue is tracked by the security team as
<URL: https://security-tracker.debian.org/tracker/CVE-2016-7550 >.

I guess the easiest fix is to upgrade the unstable version from upstream,
as the older versions of Debian are not affected and a quick search did not
point me to a patch.

-- 
Happy hacking
Petter Reinholdtsen



Reply sent to Bernhard Schmidt <berni@debian.org>:
You have taken responsibility. (Fri, 28 Oct 2016 07:36:35 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 28 Oct 2016 07:36:35 GMT).


Message #17 received at 838833-close@bugs.debian.org:

From: Bernhard Schmidt <berni@debian.org>
To: 838833-close@bugs.debian.org
Subject: Bug#838833: fixed in asterisk 1:13.11.2~dfsg-1
Date: Fri, 28 Oct 2016 07:22:44 +0000
Source: asterisk
Source-Version: 1:13.11.2~dfsg-1

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 838833@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bernhard Schmidt <berni@debian.org> (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 27 Oct 2016 13:06:22 +0200
Source: asterisk
Binary: asterisk asterisk-modules asterisk-dahdi asterisk-vpb asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh423 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-doc asterisk-dev asterisk-dbg asterisk-config
Architecture: source
Version: 1:13.11.2~dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Bernhard Schmidt <berni@debian.org>
Description:
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dahdi - DAHDI devices support for the Asterisk PBX
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-mobile - Bluetooth phone support for the Asterisk PBX
 asterisk-modules - loadable modules for the Asterisk PBX
 asterisk-mp3 - MP3 playback support for the Asterisk PBX
 asterisk-mysql - MySQL database protocol support for the Asterisk PBX
 asterisk-ooh423 - H.323 protocol support for the Asterisk PBX - ooH323c
 asterisk-voicemail - simple voicemail support for the Asterisk PBX
 asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
 asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
 asterisk-vpb - VoiceTronix devices support for the Asterisk PBX
Closes: 836953 838832 838833
Changes:
 asterisk (1:13.11.2~dfsg-1) unstable; urgency=medium
 .
   * Update d/u/signing-keys.asc for 13.11.2
     - Add Matthew Fredrickson (0x8438CBA18D0CAA72)
     - Drop Joshua Colp (0xDAB29B236B940F89)
   * New upstream version 13.11.2~dfsg
     - Update d/p/systemd.patch for new release
     - Refresh/unfuzz patches
     - fixes CVE-2016-7550 (Closes: #838833)
     - fixes CVE-2016-7551 (Closes: #838832)
   * Build-depend on libradcli-dev again, libfreeradius-client-dev is dropped
     from sid (Closes: #836953)
   * fix obsolete build-dep libmysqlclient-dev -> default-libmysqlclient-dev
   * add lsb-base dependency to asterisk
Checksums-Sha1:
 6767508f8d9ad5942562e85eb6d065dc4e334214 4055 asterisk_13.11.2~dfsg-1.dsc
 0fda1ede6707e88154770dc9f14ba51c56f83fd4 6034912 asterisk_13.11.2~dfsg.orig.tar.xz
 4cf286254d547ad0a34ff2ca90f11be6c6c8254c 120836 asterisk_13.11.2~dfsg-1.debian.tar.xz
Checksums-Sha256:
 3bb13ec4d123d682286233934872c2808de315f50a51de8cc9fe106dd9c02979 4055 asterisk_13.11.2~dfsg-1.dsc
 766449faeddd277d0081faa98f759bc5a7a904ad8c1c0aedeea678a03e7b45b7 6034912 asterisk_13.11.2~dfsg.orig.tar.xz
 86da4d400e5e9924f2f3f967a0bb2a4fbabb8181cb4398d8b22dc687b069cf4f 120836 asterisk_13.11.2~dfsg-1.debian.tar.xz
Files:
 7799ede659454ce1dd134c0562370785 4055 comm optional asterisk_13.11.2~dfsg-1.dsc
 c269a04efeb65b2078303aa1acefcde2 6034912 comm optional asterisk_13.11.2~dfsg.orig.tar.xz
 7a33c6eb6cbad1c282f32782244f1b01 120836 comm optional asterisk_13.11.2~dfsg-1.debian.tar.xz





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 05 Dec 2016 08:51:05 GMT).


Bug unarchived. Request was from Don Armstrong <don@debian.org> to control@bugs.debian.org. (Wed, 07 Dec 2016 01:57:13 GMT).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 28 Jan 2017 07:30:24 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:35:53 2019; Machine Name: buxtehude
