asterisk: AST-2011-011 (CVE-2011-2536) Possible enumeration of SIP users

Related Vulnerabilities: CVE-2011-2536, CVE-2011-2529, CVE-2011-2535

Debian Bug report logs - #632029

Reported by: Tzafrir Cohen <tzafrir@debian.org>

Date: Wed, 29 Jun 2011 08:48:02 UTC

Severity: grave

Tags: patch, security, upstream

Found in version 1:1.8.4.2-1.8979

Fixed in versions asterisk/1:1.8.4.4~dfsg-1, asterisk/1:1.6.2.9-2+squeeze3, asterisk/1:1.4.21.2~dfsg-3+lenny3

Done: Tzafrir Cohen <tzafrir@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>:
Bug#632029; Package asterisk. (Wed, 29 Jun 2011 08:48:05 GMT)


Acknowledgement sent to Tzafrir Cohen <tzafrir@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>. (Wed, 29 Jun 2011 08:48:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Tzafrir Cohen <tzafrir@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: asterisk: AST-2011-011 (CVE-2011-2536) Possible enumeration of SIP users
Date: Wed, 29 Jun 2011 11:46:18 +0300
Package: asterisk
Version: 1:1.8.4.2-1.8979
Severity: grave
Tags: security upstream patch
Justification: user security hole

Asterisk may respond differently to SIP requests from an invalid SIP
user than it does to a user configured on the system, even when the
alwaysauthreject option is set in the configuration. This can leak 
information about what SIP users are valid on the Asterisk system.

Respond to SIP requests from invalid and valid SIP users in the same way.
Asterisk 1.4 (in Oldstable) and 1.6.2 (in Stable) do not respond
identically by default due to backward-compatibility reasons, and must
have alwaysauthreject=yes set in sip.conf. Asterisk 1.8 defaults to
alwaysauthreject=yes.
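
A way to check the configuration side of this report, as an added example that is not part of the original bug log or of the Asterisk or Debian code: the script reads sip.conf text and reports the effective alwaysauthreject value, using the per-branch defaults stated in the report above. The function names and sample configurations are constructed for illustration; `;-- ... --;` block comments and `#include` are not handled, and the check covers only the configuration, not whether the fixed package is installed.

```python
import re

# Branch defaults as stated in the bug report: 1.4 and 1.6.2 do not default
# to alwaysauthreject=yes, 1.8 does.
BRANCH_DEFAULTS = {"1.4": False, "1.6.2": False, "1.8": True}
# Strings Asterisk accepts as boolean true.
TRUTHY = {"yes", "true", "y", "t", "1", "on"}

SECTION_RE = re.compile(r"^\[([^\]]+)\]")
OPTION_RE = re.compile(r"^([^=]+?)\s*=>?\s*(.*)$")


def strip_comment(line):
    """Drop everything from the first unescaped ';' (Asterisk comment)."""
    return re.sub(r"(?<!\\);.*$", "", line).strip()


def explicit_setting(conf_text):
    """Last alwaysauthreject value set in [general], or None if unset."""
    section, value = None, None
    for raw in conf_text.splitlines():
        line = strip_comment(raw)
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).strip().lower()
            continue
        m = OPTION_RE.match(line)
        if (m and section == "general"
                and m.group(1).strip().lower() == "alwaysauthreject"):
            value = m.group(2).strip().lower() in TRUTHY
    return value


def branch_default(version):
    """Map a Debian or upstream version string to its branch default."""
    # Strip the Debian epoch ("1:") and revision ("~dfsg-1", "-2+squeeze3").
    upstream = re.split(r"[~-]", version.split(":", 1)[-1])[0]
    for branch in sorted(BRANCH_DEFAULTS, key=len, reverse=True):
        if upstream == branch or upstream.startswith(branch + "."):
            return BRANCH_DEFAULTS[branch]
    return None  # branch not covered by the bug report


def audit(conf_text, version):
    """Return (effective_value, source) for alwaysauthreject."""
    explicit = explicit_setting(conf_text)
    if explicit is not None:
        return explicit, "explicit"
    default = branch_default(version)
    return default, ("default" if default is not None else "unknown")


# Constructed sample: the option is commented out in [general] and set only
# in a peer section, so on 1.4 the branch default (off) applies.
WEAK_CONF = """\
[general]
context=default
;alwaysauthreject=yes   ; commented out
bindport=5060

[100]
type=friend
alwaysauthreject=yes    ; not the [general] section
"""

# Constructed sample: the setting the report requires for 1.4 and 1.6.2.
HARDENED_CONF = """\
[general]
context=default
alwaysauthreject = yes
"""

if __name__ == "__main__":
    for name, conf, ver in [
        ("weak/lenny", WEAK_CONF, "1:1.4.21.2~dfsg-3+lenny3"),
        ("hardened/squeeze", HARDENED_CONF, "1:1.6.2.9-2+squeeze3"),
        ("unset/unstable", "[general]\n", "1:1.8.4.4~dfsg-1"),
    ]:
        value, source = audit(conf, ver)
        print(f"{name}: alwaysauthreject={value} ({source})")
```

An effective value of False or None means the server must have alwaysauthreject=yes added to the [general] section of sip.conf.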




Reply sent to Tzafrir Cohen <tzafrir@debian.org>:
You have taken responsibility. (Fri, 01 Jul 2011 15:36:06 GMT)


Notification sent to Tzafrir Cohen <tzafrir@debian.org>:
Bug acknowledged by developer. (Fri, 01 Jul 2011 15:36:06 GMT)


Message #10 received at 632029-close@bugs.debian.org:

From: Tzafrir Cohen <tzafrir@debian.org>
To: 632029-close@bugs.debian.org
Subject: Bug#632029: fixed in asterisk 1:1.8.4.4~dfsg-1
Date: Fri, 01 Jul 2011 15:32:40 +0000
Source: asterisk
Source-Version: 1:1.8.4.4~dfsg-1

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:

asterisk-config_1.8.4.4~dfsg-1_all.deb
  to main/a/asterisk/asterisk-config_1.8.4.4~dfsg-1_all.deb
asterisk-dahdi_1.8.4.4~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-dahdi_1.8.4.4~dfsg-1_amd64.deb
asterisk-dbg_1.8.4.4~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-dbg_1.8.4.4~dfsg-1_amd64.deb
asterisk-dev_1.8.4.4~dfsg-1_all.deb
  to main/a/asterisk/asterisk-dev_1.8.4.4~dfsg-1_all.deb
asterisk-doc_1.8.4.4~dfsg-1_all.deb
  to main/a/asterisk/asterisk-doc_1.8.4.4~dfsg-1_all.deb
asterisk-h423_1.8.4.4~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-h423_1.8.4.4~dfsg-1_amd64.deb
asterisk-mobile_1.8.4.4~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-mobile_1.8.4.4~dfsg-1_amd64.deb
asterisk-modules_1.8.4.4~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-modules_1.8.4.4~dfsg-1_amd64.deb
asterisk-mp3_1.8.4.4~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-mp3_1.8.4.4~dfsg-1_amd64.deb
asterisk-mysql_1.8.4.4~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-mysql_1.8.4.4~dfsg-1_amd64.deb
asterisk-ooh423_1.8.4.4~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-ooh423_1.8.4.4~dfsg-1_amd64.deb
asterisk-voicemail-imapstorage_1.8.4.4~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-voicemail-imapstorage_1.8.4.4~dfsg-1_amd64.deb
asterisk-voicemail-odbcstorage_1.8.4.4~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-voicemail-odbcstorage_1.8.4.4~dfsg-1_amd64.deb
asterisk-voicemail_1.8.4.4~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-voicemail_1.8.4.4~dfsg-1_amd64.deb
asterisk_1.8.4.4~dfsg-1.debian.tar.gz
  to main/a/asterisk/asterisk_1.8.4.4~dfsg-1.debian.tar.gz
asterisk_1.8.4.4~dfsg-1.dsc
  to main/a/asterisk/asterisk_1.8.4.4~dfsg-1.dsc
asterisk_1.8.4.4~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk_1.8.4.4~dfsg-1_amd64.deb
asterisk_1.8.4.4~dfsg.orig.tar.gz
  to main/a/asterisk/asterisk_1.8.4.4~dfsg.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 632029@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tzafrir Cohen <tzafrir@debian.org> (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Fri, 01 Jul 2011 11:51:45 +0300
Source: asterisk
Binary: asterisk asterisk-modules asterisk-h423 asterisk-dahdi asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh423 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-doc asterisk-dev asterisk-dbg asterisk-config
Architecture: source all amd64
Version: 1:1.8.4.4~dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Tzafrir Cohen <tzafrir@debian.org>
Description: 
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dahdi - DAHDI devices support for the Asterisk PBX
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-h423 - H.323 protocol support for the Asterisk PBX
 asterisk-mobile - Bluetooth phone support for the Asterisk PBX
 asterisk-modules - loadable modules for the Asterisk PBX
 asterisk-mp3 - MP3 playback support for the Asterisk PBX (DUMMY)
 asterisk-mysql - MySQL database protocol support for the Asterisk PBX
 asterisk-ooh423 - H.323 protocol support for the Asterisk PBX - ooH323c
 asterisk-voicemail - simple voicemail support for the Asterisk PBX
 asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
 asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
Closes: 632029
Changes: 
 asterisk (1:1.8.4.4~dfsg-1) unstable; urgency=high
 .
   * AST-2011-011 (CVE-2011-2536): Don't leak SIP username information
     (closes: #632029)
   * Clearly the NC-ND license for AST.{pdf,txt} is here to stay. Strip it.
     - And while we're at it, strip out sound files and some generated files.





Reply sent to Tzafrir Cohen <tzafrir@debian.org>:
You have taken responsibility. (Sun, 10 Jul 2011 19:57:14 GMT)


Notification sent to Tzafrir Cohen <tzafrir@debian.org>:
Bug acknowledged by developer. (Sun, 10 Jul 2011 19:57:14 GMT)


Message #15 received at 632029-close@bugs.debian.org:

From: Tzafrir Cohen <tzafrir@debian.org>
To: 632029-close@bugs.debian.org
Subject: Bug#632029: fixed in asterisk 1:1.6.2.9-2+squeeze3
Date: Sun, 10 Jul 2011 19:55:19 +0000
Source: asterisk
Source-Version: 1:1.6.2.9-2+squeeze3

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:

asterisk-config_1.6.2.9-2+squeeze3_all.deb
  to main/a/asterisk/asterisk-config_1.6.2.9-2+squeeze3_all.deb
asterisk-dbg_1.6.2.9-2+squeeze3_amd64.deb
  to main/a/asterisk/asterisk-dbg_1.6.2.9-2+squeeze3_amd64.deb
asterisk-dev_1.6.2.9-2+squeeze3_all.deb
  to main/a/asterisk/asterisk-dev_1.6.2.9-2+squeeze3_all.deb
asterisk-doc_1.6.2.9-2+squeeze3_all.deb
  to main/a/asterisk/asterisk-doc_1.6.2.9-2+squeeze3_all.deb
asterisk-h423_1.6.2.9-2+squeeze3_amd64.deb
  to main/a/asterisk/asterisk-h423_1.6.2.9-2+squeeze3_amd64.deb
asterisk-sounds-main_1.6.2.9-2+squeeze3_all.deb
  to main/a/asterisk/asterisk-sounds-main_1.6.2.9-2+squeeze3_all.deb
asterisk_1.6.2.9-2+squeeze3.debian.tar.gz
  to main/a/asterisk/asterisk_1.6.2.9-2+squeeze3.debian.tar.gz
asterisk_1.6.2.9-2+squeeze3.dsc
  to main/a/asterisk/asterisk_1.6.2.9-2+squeeze3.dsc
asterisk_1.6.2.9-2+squeeze3_amd64.deb
  to main/a/asterisk/asterisk_1.6.2.9-2+squeeze3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 632029@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tzafrir Cohen <tzafrir@debian.org> (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Fri, 01 Jul 2011 14:57:12 +0300
Source: asterisk
Binary: asterisk asterisk-h423 asterisk-doc asterisk-dev asterisk-dbg asterisk-sounds-main asterisk-config
Architecture: source all amd64
Version: 1:1.6.2.9-2+squeeze3
Distribution: stable-security
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Tzafrir Cohen <tzafrir@debian.org>
Description: 
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-h423 - H.323 protocol support for Asterisk
 asterisk-sounds-main - Core Sound files for Asterisk (English)
Closes: 631446 631448 632029
Changes: 
 asterisk (1:1.6.2.9-2+squeeze3) stable-security; urgency=high
 .
   * Patch AST-2011-008 (CVE-2011-2529) - crash on a malformed SIP packet
    (Closes: 631446).
   * Patch AST-2011-010 (CVE-2011-2535): crash due to dereferencing a remote
     pointer (closes: #631448).
   * AST-2011-011 (CVE-2011-2536): Don't leak SIP username information
     (closes: #632029)





Reply sent to Tzafrir Cohen <tzafrir@debian.org>:
You have taken responsibility. (Tue, 26 Jul 2011 01:57:07 GMT)


Notification sent to Tzafrir Cohen <tzafrir@debian.org>:
Bug acknowledged by developer. (Tue, 26 Jul 2011 01:57:08 GMT)


Message #20 received at 632029-close@bugs.debian.org:

From: Tzafrir Cohen <tzafrir@debian.org>
To: 632029-close@bugs.debian.org
Subject: Bug#632029: fixed in asterisk 1:1.4.21.2~dfsg-3+lenny3
Date: Tue, 26 Jul 2011 01:54:16 +0000
Source: asterisk
Source-Version: 1:1.4.21.2~dfsg-3+lenny3

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:

asterisk-config_1.4.21.2~dfsg-3+lenny3_all.deb
  to main/a/asterisk/asterisk-config_1.4.21.2~dfsg-3+lenny3_all.deb
asterisk-dbg_1.4.21.2~dfsg-3+lenny3_amd64.deb
  to main/a/asterisk/asterisk-dbg_1.4.21.2~dfsg-3+lenny3_amd64.deb
asterisk-dev_1.4.21.2~dfsg-3+lenny3_all.deb
  to main/a/asterisk/asterisk-dev_1.4.21.2~dfsg-3+lenny3_all.deb
asterisk-doc_1.4.21.2~dfsg-3+lenny3_all.deb
  to main/a/asterisk/asterisk-doc_1.4.21.2~dfsg-3+lenny3_all.deb
asterisk-h423_1.4.21.2~dfsg-3+lenny3_amd64.deb
  to main/a/asterisk/asterisk-h423_1.4.21.2~dfsg-3+lenny3_amd64.deb
asterisk-sounds-main_1.4.21.2~dfsg-3+lenny3_all.deb
  to main/a/asterisk/asterisk-sounds-main_1.4.21.2~dfsg-3+lenny3_all.deb
asterisk_1.4.21.2~dfsg-3+lenny3.diff.gz
  to main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny3.diff.gz
asterisk_1.4.21.2~dfsg-3+lenny3.dsc
  to main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny3.dsc
asterisk_1.4.21.2~dfsg-3+lenny3_amd64.deb
  to main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 632029@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tzafrir Cohen <tzafrir@debian.org> (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Tue, 05 Jul 2011 00:08:08 +0300
Source: asterisk
Binary: asterisk asterisk-h423 asterisk-doc asterisk-dev asterisk-dbg asterisk-sounds-main asterisk-config
Architecture: source all amd64
Version: 1:1.4.21.2~dfsg-3+lenny3
Distribution: oldstable-security
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Tzafrir Cohen <tzafrir@debian.org>
Description: 
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-h423 - H.323 protocol support for Asterisk
 asterisk-sounds-main - Core Sound files for Asterisk (English)
Closes: 631446 631448 632029
Changes: 
 asterisk (1:1.4.21.2~dfsg-3+lenny3) oldstable-security; urgency=high
 .
   * Patch AST-2011-008 (CVE-2011-2529) - crash on a malformed SIP packet
    (Closes: 631446).
   * AST-2011-010 (CVE-2011-2535): crash due to dereferencing a remote pointer
     (closes: #631448)
   * AST-2011-011 (CVE-2011-2536): Don't leak SIP username information
     (closes: #632029)





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 23 Aug 2011 07:33:35 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:24:40 2019; Machine Name: buxtehude
