CVE-2011-0495 asterisk: AST-2011-001: buffer overflow in caller ID URI encoding

Debian Bug report logs - #610487
CVE-2011-0495 asterisk: AST-2011-001: buffer overflow in caller ID URI encoding

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Tzafrir Cohen <tzafrir@cohens.org.il>

To: submit@bugs.debian.org

Subject: asterisk: AST-2011-001: buffer overflow in caller ID URI encoding

Date: Tue, 18 Jan 2011 23:36:01 +0000

Package: asterisk
Version: 1:1.6.2.9-2
Justification: user security hole
Severity: grave
Tags: security patch upstream

*** Please type your report below this line ***
The Asterisk project has reported security advisory ASA-2011-011
http://downloads.asterisk.org/pub/security/AST-2011-001.html
(No CVE ATM)

"When forming an outgoing SIP request while in pedantic mode, a stack
buffer can be made to overflow if supplied with carefully crafted caller
ID information. "

Caller ID information may be provided by remote users. The advisory details
potential workaround in the dialplan, but applying it varies greatly on
different configurations.

Issue applies both to the Lenny and Squeeze packages. For patches:
http://svn.debian.org/viewsvn/pkg-voip?view=rev&revision=8708  (Squeeze)

http://svn.debian.org/viewsvn/pkg-voip?view=rev&revision=8711  (Lenny)

-- 
Tzafrir Cohen         | tzafrir@jabber.org | VIM is
http://tzafrir.org.il |                    | a Mutt's
tzafrir@cohens.org.il |                    |  best
tzafrir@debian.org    |                    | friend

Message #10 received at 610487@bugs.debian.org (full text, mbox, reply):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

To: "Tzafrir Cohen" <tzafrir@cohens.org.il>, 610487@bugs.debian.org

Subject: Re: Bug#610487: asterisk: AST-2011-001: buffer overflow in caller ID URI encoding

Date: Wed, 19 Jan 2011 13:31:46 -0000

user release.debian.org@packages.debian.org
tag 610487 + squeeze-ignore
usertag 610487 + squeeze-can-defer
thanks

On Tue, January 18, 2011 23:36, Tzafrir Cohen wrote:
> The Asterisk project has reported security advisory ASA-2011-011
> http://downloads.asterisk.org/pub/security/AST-2011-001.html
> (No CVE ATM)
>
> "When forming an outgoing SIP request while in pedantic mode, a stack
> buffer can be made to overflow if supplied with carefully crafted caller
> ID information. "

This can be fixed for squeeze after the release if necessary; marking as
not a blocker.

Regards,

Adam

Message #21 received at 610487@bugs.debian.org (full text, mbox, reply):

From: Moritz Mühlenhoff <jmm@inutil.org>

To: Tzafrir Cohen <tzafrir@cohens.org.il>

Cc: msp@debian.org, paravoid@debian.org, 610487@bugs.debian.org

Subject: Re: asterisk: AST-2011-001: buffer overflow in caller ID URI encoding

Date: Tue, 25 Jan 2011 21:28:40 +0100

On Tue, Jan 18, 2011 at 11:36:01PM +0000, Tzafrir Cohen wrote:
> Package: asterisk
> Version: 1:1.6.2.9-2
> Justification: user security hole
> Severity: grave
> Tags: security patch upstream
> 
> *** Please type your report below this line ***
> The Asterisk project has reported security advisory ASA-2011-011
> http://downloads.asterisk.org/pub/security/AST-2011-001.html
> (No CVE ATM)
> 
> "When forming an outgoing SIP request while in pedantic mode, a stack
> buffer can be made to overflow if supplied with carefully crafted caller
> ID information. "
> 
> Caller ID information may be provided by remote users. The advisory details
> potential workaround in the dialplan, but applying it varies greatly on
> different configurations.
> 
> Issue applies both to the Lenny and Squeeze packages. For patches:
> http://svn.debian.org/viewsvn/pkg-voip?view=rev&revision=8708  (Squeeze)
> 
> http://svn.debian.org/viewsvn/pkg-voip?view=rev&revision=8711  (Lenny)

What's the status of a Squeeze upload? This should be uploaded with
the minimal fix and urgency=high.

Cheers,
        Moritz

Message #26 received at 610487@bugs.debian.org (full text, mbox, reply):

From: Moritz Mühlenhoff <jmm@inutil.org>

To: 610487@bugs.debian.org

Cc: Tzafrir Cohen <tzafrir@cohens.org.il>, msp@debian.org, paravoid@debian.org

Subject: Re: asterisk: AST-2011-001: buffer overflow in caller ID URI encoding

Date: Wed, 2 Feb 2011 21:13:06 +0100

On Tue, Jan 25, 2011 at 09:28:40PM +0100, Moritz Mühlenhoff wrote:
> On Tue, Jan 18, 2011 at 11:36:01PM +0000, Tzafrir Cohen wrote:
> > Package: asterisk
> > Version: 1:1.6.2.9-2
> > Justification: user security hole
> > Severity: grave
> > Tags: security patch upstream
> > 
> > *** Please type your report below this line ***
> > The Asterisk project has reported security advisory ASA-2011-011
> > http://downloads.asterisk.org/pub/security/AST-2011-001.html
> > (No CVE ATM)
> > 
> > "When forming an outgoing SIP request while in pedantic mode, a stack
> > buffer can be made to overflow if supplied with carefully crafted caller
> > ID information. "
> > 
> > Caller ID information may be provided by remote users. The advisory details
> > potential workaround in the dialplan, but applying it varies greatly on
> > different configurations.
> > 
> > Issue applies both to the Lenny and Squeeze packages. For patches:
> > http://svn.debian.org/viewsvn/pkg-voip?view=rev&revision=8708  (Squeeze)
> > 
> > http://svn.debian.org/viewsvn/pkg-voip?view=rev&revision=8711  (Lenny)
> 
> What's the status of a Squeeze upload? This should be uploaded with
> the minimal fix and urgency=high.

No reaction since two weeks? Does none of the VoIP maintainers use Debian?
 
Cheers,
        Moritz

Message #31 received at 610487@bugs.debian.org (full text, mbox, reply):

From: Faidon Liambotis <paravoid@debian.org>

To: 610487@bugs.debian.org, Tzafrir Cohen <tzafrir@cohens.org.il>

Cc: Moritz Mühlenhoff <jmm@inutil.org>

Subject: Re: Bug#610487: asterisk: AST-2011-001: buffer overflow in caller ID URI encoding

Date: Mon, 07 Feb 2011 01:30:41 +0200

Tzafrir, ping?

I can do the uploads (lenny hasn't been uploaded either, right?) but I'm 
afraid it'll be with minimal testing. Moritz, is that acceptable? 
Certainly better than having a remote exploitable hole...

I'm pondering whether I should remove my name from maintainer as well. 
Tzafrir, perhaps you should do an RFH (or even O!) in e.g. debian-devel?

Regards,
Faidon

Message #36 received at 610487@bugs.debian.org (full text, mbox, reply):

From: Faidon Liambotis <paravoid@debian.org>

To: 610487@bugs.debian.org, security@debian.org

Cc: Tzafrir Cohen <tzafrir@cohens.org.il>, Moritz Mühlenhoff <jmm@inutil.org>

Subject: Re: Bug#610487: asterisk: AST-2011-001: buffer overflow in caller ID URI encoding

Date: Thu, 10 Feb 2011 20:02:48 +0200

Faidon Liambotis wrote:
> I can do the uploads (lenny hasn't been uploaded either, right?) but I'm
> afraid it'll be with minimal testing. Moritz, is that acceptable?
> Certainly better than having a remote exploitable hole...
>
> I'm pondering whether I should remove my name from maintainer as well.
> Tzafrir, perhaps you should do an RFH (or even O!) in e.g. debian-devel?

Since Tzafrir seems to be MIA(?), I've prepared updates for both lenny 
and squeeze. These are with minimal testing but changes are small and 
backported from upstream.

Should I upload to security-master?

Regards,
Faidon

Message #41 received at 610487@bugs.debian.org (full text, mbox, reply):

From: Moritz Mühlenhoff <jmm@inutil.org>

To: Faidon Liambotis <paravoid@debian.org>

Cc: 610487@bugs.debian.org, security@debian.org, Tzafrir Cohen <tzafrir@cohens.org.il>, Moritz Mühlenhoff <jmm@inutil.org>

Subject: Re: Bug#610487: asterisk: AST-2011-001: buffer overflow in caller ID URI encoding

Date: Thu, 10 Feb 2011 23:01:54 +0100

On Thu, Feb 10, 2011 at 08:02:48PM +0200, Faidon Liambotis wrote:
> Faidon Liambotis wrote:
> >I can do the uploads (lenny hasn't been uploaded either, right?) but I'm
> >afraid it'll be with minimal testing. Moritz, is that acceptable?
> >Certainly better than having a remote exploitable hole...
> >
> >I'm pondering whether I should remove my name from maintainer as well.
> >Tzafrir, perhaps you should do an RFH (or even O!) in e.g. debian-devel?
> 
> Since Tzafrir seems to be MIA(?), I've prepared updates for both
> lenny and squeeze. These are with minimal testing but changes are
> small and backported from upstream.
> 
> Should I upload to security-master?

Excellent, thanks for taking care. Please upload (remember that stable-security
needs to be build with -sa, since it's new in Squeeze)

Cheers,
        Moritz

Message #46 received at 610487@bugs.debian.org (full text, mbox, reply):

From: Faidon Liambotis <paravoid@debian.org>

To: Moritz Mühlenhoff <jmm@inutil.org>

Cc: 610487@bugs.debian.org, security@debian.org, Tzafrir Cohen <tzafrir@cohens.org.il>

Subject: Re: Bug#610487: asterisk: AST-2011-001: buffer overflow in caller ID URI encoding

Date: Fri, 11 Feb 2011 00:31:06 +0200

On 02/11/11 00:01, Moritz Mühlenhoff wrote:
>> Should I upload to security-master?
>
> Excellent, thanks for taking care. Please upload (remember that stable-security
> needs to be build with -sa, since it's new in Squeeze)

Done for both oldstable-security and stable-security (and thanks for the 
warning :)

Regards,
Faidon

Message #51 received at 610487-close@bugs.debian.org (full text, mbox, reply):

From: Faidon Liambotis <paravoid@debian.org>

To: 610487-close@bugs.debian.org

Subject: Bug#610487: fixed in asterisk 1:1.4.21.2~dfsg-3+lenny2

Date: Tue, 22 Feb 2011 01:54:59 +0000

Source: asterisk
Source-Version: 1:1.4.21.2~dfsg-3+lenny2

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:

asterisk-config_1.4.21.2~dfsg-3+lenny2_all.deb
  to main/a/asterisk/asterisk-config_1.4.21.2~dfsg-3+lenny2_all.deb
asterisk-dbg_1.4.21.2~dfsg-3+lenny2_i386.deb
  to main/a/asterisk/asterisk-dbg_1.4.21.2~dfsg-3+lenny2_i386.deb
asterisk-dev_1.4.21.2~dfsg-3+lenny2_all.deb
  to main/a/asterisk/asterisk-dev_1.4.21.2~dfsg-3+lenny2_all.deb
asterisk-doc_1.4.21.2~dfsg-3+lenny2_all.deb
  to main/a/asterisk/asterisk-doc_1.4.21.2~dfsg-3+lenny2_all.deb
asterisk-h423_1.4.21.2~dfsg-3+lenny2_i386.deb
  to main/a/asterisk/asterisk-h423_1.4.21.2~dfsg-3+lenny2_i386.deb
asterisk-sounds-main_1.4.21.2~dfsg-3+lenny2_all.deb
  to main/a/asterisk/asterisk-sounds-main_1.4.21.2~dfsg-3+lenny2_all.deb
asterisk_1.4.21.2~dfsg-3+lenny2.diff.gz
  to main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny2.diff.gz
asterisk_1.4.21.2~dfsg-3+lenny2.dsc
  to main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny2.dsc
asterisk_1.4.21.2~dfsg-3+lenny2_i386.deb
  to main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 610487@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Faidon Liambotis <paravoid@debian.org> (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 10 Feb 2011 17:06:37 +0200
Source: asterisk
Binary: asterisk asterisk-h423 asterisk-doc asterisk-dev asterisk-dbg asterisk-sounds-main asterisk-config
Architecture: source all i386
Version: 1:1.4.21.2~dfsg-3+lenny2
Distribution: oldstable-security
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Faidon Liambotis <paravoid@debian.org>
Description: 
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-h423 - H.323 protocol support for Asterisk
 asterisk-sounds-main - Core Sound files for Asterisk (English)
Closes: 610487
Changes: 
 asterisk (1:1.4.21.2~dfsg-3+lenny2) oldstable-security; urgency=high
 .
   [ Tzafrir Cohen ]
   * AST-2011-001/CVE-2011-0495: Stack buffer overflow in SIP channel driver
     (Closes: #610487)
   * Backport a one-liner patch from upstream (ast_uri_validhex) to
     successfully apply the AST-2011-001 patch.
Checksums-Sha1: 
 80bc90910165cdb7bf8fcd010b636cb43d32a0dd 1985 asterisk_1.4.21.2~dfsg-3+lenny2.dsc
 2de385e43bbaafb66d2501659b916eaadced698c 150696 asterisk_1.4.21.2~dfsg-3+lenny2.diff.gz
 9984b239f04b65b9121f32ef485094aaa2b164d2 32509280 asterisk-doc_1.4.21.2~dfsg-3+lenny2_all.deb
 b3a6e144ece0ae9c06d3ae4d52a6be612c2a607b 427756 asterisk-dev_1.4.21.2~dfsg-3+lenny2_all.deb
 a4698c4d9d98e0a242af6d05b311704955b78157 1897828 asterisk-sounds-main_1.4.21.2~dfsg-3+lenny2_all.deb
 5bc03cc8fae124dcd6772f1c8205caa6ff0b01f2 478950 asterisk-config_1.4.21.2~dfsg-3+lenny2_all.deb
 7b0a83575d9d88ab3fda5b07332149e7d6dbb319 2407086 asterisk_1.4.21.2~dfsg-3+lenny2_i386.deb
 56483acf91f975a8c4295194030bdc222bb0952d 388546 asterisk-h423_1.4.21.2~dfsg-3+lenny2_i386.deb
 5d439d17f781033464d75321af8ad100f7e7e91a 12998636 asterisk-dbg_1.4.21.2~dfsg-3+lenny2_i386.deb
Checksums-Sha256: 
 abf0fd16e3cb345cd7ced175a73c0a15568679512ad01db8ca4cc881377e2a3f 1985 asterisk_1.4.21.2~dfsg-3+lenny2.dsc
 255718da602b5e19e70c8fde35f6b5747bacbc5b7972820e3d67c1339cb8178a 150696 asterisk_1.4.21.2~dfsg-3+lenny2.diff.gz
 614cec5f8c11e6bab87a885110c1300876192932aa7c62e66cebaf285b96abd0 32509280 asterisk-doc_1.4.21.2~dfsg-3+lenny2_all.deb
 8ddc340d282213da4dd16ffba910e968c5fa3cade50a451e9ee16ae94ea991e8 427756 asterisk-dev_1.4.21.2~dfsg-3+lenny2_all.deb
 584fe5150859c21aaf6a0a817f46c46108262971d55b77d0e6f5ea40b96a4427 1897828 asterisk-sounds-main_1.4.21.2~dfsg-3+lenny2_all.deb
 1537e5e27cfa66f1557718e247933ac6763c410c8acb858a4e2ffbc16deff9cf 478950 asterisk-config_1.4.21.2~dfsg-3+lenny2_all.deb
 75d586df6a6cc639326e527df71f5f6d88d9eefd284204b1fd2aaa8f5f7f18c2 2407086 asterisk_1.4.21.2~dfsg-3+lenny2_i386.deb
 348a8faaad09b07d64131f2a41235b8273c6c2f367ad97ec0f4f3997694f61d6 388546 asterisk-h423_1.4.21.2~dfsg-3+lenny2_i386.deb
 43e5e38d9adf0f6221ffd3f56832e6a703305b2dd2a55d5ca030574088c0f513 12998636 asterisk-dbg_1.4.21.2~dfsg-3+lenny2_i386.deb
Files: 
 625115fe277a3e3050e0143b58e9b658 1985 comm optional asterisk_1.4.21.2~dfsg-3+lenny2.dsc
 54a737752f1f8a851cad0ac2b2f69d0c 150696 comm optional asterisk_1.4.21.2~dfsg-3+lenny2.diff.gz
 961b1b453cbab56f5ec5f03ed7e59f7c 32509280 doc extra asterisk-doc_1.4.21.2~dfsg-3+lenny2_all.deb
 e32177c1085dc857e2a6e05bf94c648c 427756 devel extra asterisk-dev_1.4.21.2~dfsg-3+lenny2_all.deb
 941f86ed5d89d517ec16e83f881d75d8 1897828 comm optional asterisk-sounds-main_1.4.21.2~dfsg-3+lenny2_all.deb
 701580936396f55e187d8bdb4d9c501e 478950 comm optional asterisk-config_1.4.21.2~dfsg-3+lenny2_all.deb
 3625bf89e540f3135b842517af221046 2407086 comm optional asterisk_1.4.21.2~dfsg-3+lenny2_i386.deb
 d72f12780b219c602be0ae6e2ccbec8f 388546 comm optional asterisk-h423_1.4.21.2~dfsg-3+lenny2_i386.deb
 f1e2e67224ce07cf6e2c005c5f06f20a 12998636 devel extra asterisk-dbg_1.4.21.2~dfsg-3+lenny2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk1UZOAACgkQVty5d8XpUzPc1gCfdORTrx0jQ+/laAX8pxH7C7QL
rW0AoIB7jqlw/z/5km9UG83PBnIWEyjz
=XbAF
-----END PGP SIGNATURE-----

Message #56 received at 610487-close@bugs.debian.org (full text, mbox, reply):

From: Faidon Liambotis <paravoid@debian.org>

To: 610487-close@bugs.debian.org

Subject: Bug#610487: fixed in asterisk 1:1.6.2.9-2+squeeze1

Date: Tue, 22 Feb 2011 01:55:19 +0000

Source: asterisk
Source-Version: 1:1.6.2.9-2+squeeze1

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:

asterisk-config_1.6.2.9-2+squeeze1_all.deb
  to main/a/asterisk/asterisk-config_1.6.2.9-2+squeeze1_all.deb
asterisk-dbg_1.6.2.9-2+squeeze1_i386.deb
  to main/a/asterisk/asterisk-dbg_1.6.2.9-2+squeeze1_i386.deb
asterisk-dev_1.6.2.9-2+squeeze1_all.deb
  to main/a/asterisk/asterisk-dev_1.6.2.9-2+squeeze1_all.deb
asterisk-doc_1.6.2.9-2+squeeze1_all.deb
  to main/a/asterisk/asterisk-doc_1.6.2.9-2+squeeze1_all.deb
asterisk-h423_1.6.2.9-2+squeeze1_i386.deb
  to main/a/asterisk/asterisk-h423_1.6.2.9-2+squeeze1_i386.deb
asterisk-sounds-main_1.6.2.9-2+squeeze1_all.deb
  to main/a/asterisk/asterisk-sounds-main_1.6.2.9-2+squeeze1_all.deb
asterisk_1.6.2.9-2+squeeze1.debian.tar.gz
  to main/a/asterisk/asterisk_1.6.2.9-2+squeeze1.debian.tar.gz
asterisk_1.6.2.9-2+squeeze1.dsc
  to main/a/asterisk/asterisk_1.6.2.9-2+squeeze1.dsc
asterisk_1.6.2.9-2+squeeze1_i386.deb
  to main/a/asterisk/asterisk_1.6.2.9-2+squeeze1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 610487@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Faidon Liambotis <paravoid@debian.org> (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 10 Feb 2011 19:03:02 +0200
Source: asterisk
Binary: asterisk asterisk-h423 asterisk-doc asterisk-dev asterisk-dbg asterisk-sounds-main asterisk-config
Architecture: source all i386
Version: 1:1.6.2.9-2+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Faidon Liambotis <paravoid@debian.org>
Description: 
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-h423 - H.323 protocol support for Asterisk
 asterisk-sounds-main - Core Sound files for Asterisk (English)
Closes: 610487
Changes: 
 asterisk (1:1.6.2.9-2+squeeze1) stable-security; urgency=high
 .
   * AST-2011-001/CVE-2011-0495: Stack buffer overflow in SIP channel driver
     (Closes: #610487)
Checksums-Sha1: 
 ea5e67823375319cc13814b99f48cc947734fb4a 2172 asterisk_1.6.2.9-2+squeeze1.dsc
 2f735f640a55a4b5ded7be183946dabb3002d531 23607389 asterisk_1.6.2.9.orig.tar.gz
 5a7e6fed8858719347af480d4336ab8143bbda7a 71289 asterisk_1.6.2.9-2+squeeze1.debian.tar.gz
 ae2fb7a258809f177664d524652791d07ef74bc4 1682432 asterisk-doc_1.6.2.9-2+squeeze1_all.deb
 28e899239703a651775d539384cbdc00eaef83b6 632344 asterisk-dev_1.6.2.9-2+squeeze1_all.deb
 85717308f30b64984c5bc40ccd6a4d31f147d80f 2182364 asterisk-sounds-main_1.6.2.9-2+squeeze1_all.deb
 a6bf69a8ca1689f5c1d0cf7f32e3da6517782fb1 710336 asterisk-config_1.6.2.9-2+squeeze1_all.deb
 86893a78a274765e12bd1ab4691a7c829175d165 3318020 asterisk_1.6.2.9-2+squeeze1_i386.deb
 b778aef0f746ce673cbcf9ce3d790af7f409e548 527270 asterisk-h423_1.6.2.9-2+squeeze1_i386.deb
 498e7e0dbc36af219771a12673d43593abab8abf 20294860 asterisk-dbg_1.6.2.9-2+squeeze1_i386.deb
Checksums-Sha256: 
 a0ebfdbd37c2b4bf79fec818d4d3f74ca917b6003529313aefd71a6eaa0550e7 2172 asterisk_1.6.2.9-2+squeeze1.dsc
 109a8f29bd08844d9310435fb944908e6ada60e36917f2a3ed800c266a08bc1c 23607389 asterisk_1.6.2.9.orig.tar.gz
 b19bb31debc705e95adc292013612a24cf3c2268f047000e2ce19d217f3b381b 71289 asterisk_1.6.2.9-2+squeeze1.debian.tar.gz
 82d1a13cf734cf3297742a0b5d10bda55c2ab64c7f89df54bdfab7bb226156ab 1682432 asterisk-doc_1.6.2.9-2+squeeze1_all.deb
 581571d2e10754116ce72f071ddde4f64ec7714a43a39dc9e38ba54c3a87d4bb 632344 asterisk-dev_1.6.2.9-2+squeeze1_all.deb
 d1e47279a18d166ce5419c9779a15aa3a6a6dad0521ed25db695e10bdf49557e 2182364 asterisk-sounds-main_1.6.2.9-2+squeeze1_all.deb
 93ee4997dde8d9439c94bcae68a012e831c48c0a7dc8eb6b5dd5c51fa9ff0495 710336 asterisk-config_1.6.2.9-2+squeeze1_all.deb
 d6b50462f6ec930bf5971df64d1def2b23b8771ec7cb3f18c61e9ef73e60fa0a 3318020 asterisk_1.6.2.9-2+squeeze1_i386.deb
 3d0c45604a326cde8cf0042c7fc3d3725d4dcf0a8afae1120f5f8fb478d719b6 527270 asterisk-h423_1.6.2.9-2+squeeze1_i386.deb
 bb4f781e7cdd11f1d937bcf522868ae73287b27643cd956c63f3261b0f76869e 20294860 asterisk-dbg_1.6.2.9-2+squeeze1_i386.deb
Files: 
 b97ed6c5d757528b31a9627fb6feb225 2172 comm optional asterisk_1.6.2.9-2+squeeze1.dsc
 1f947d951c419b8039d53a6e6168fd69 23607389 comm optional asterisk_1.6.2.9.orig.tar.gz
 83c8829a2a5d8ea8a0bf2da71dedeaba 71289 comm optional asterisk_1.6.2.9-2+squeeze1.debian.tar.gz
 5d1761d183f029263d92e8328530fd3f 1682432 doc extra asterisk-doc_1.6.2.9-2+squeeze1_all.deb
 7b457152562d1dfc0c33a114736e2069 632344 devel extra asterisk-dev_1.6.2.9-2+squeeze1_all.deb
 b3ba90c027f21c3ace0ce071d161b7fc 2182364 comm optional asterisk-sounds-main_1.6.2.9-2+squeeze1_all.deb
 f11b309f5e5e4513abc7fa04f6139929 710336 comm optional asterisk-config_1.6.2.9-2+squeeze1_all.deb
 f58c0cb0fc9e3b37f94e966f05618a73 3318020 comm optional asterisk_1.6.2.9-2+squeeze1_i386.deb
 ccce18515d375aab7c7742dbadc4bc09 527270 comm optional asterisk-h423_1.6.2.9-2+squeeze1_i386.deb
 930610804673118892826a09ac5c9236 20294860 debug extra asterisk-dbg_1.6.2.9-2+squeeze1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk1UZZoACgkQVty5d8XpUzOGqwCfb4YgfOYYMpIlkM3r376T6hKr
VLwAnRwL3+m5orEgFNKOmO+e2MKv2tbs
=zlWt
-----END PGP SIGNATURE-----

Message #61 received at 610487-close@bugs.debian.org (full text, mbox, reply):

From: Tzafrir Cohen <tzafrir@debian.org>

To: 610487-close@bugs.debian.org

Subject: Bug#610487: fixed in asterisk 1:1.8.3.3-1

Date: Mon, 25 Apr 2011 22:17:41 +0000

Source: asterisk
Source-Version: 1:1.8.3.3-1

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:

asterisk-config_1.8.3.3-1_all.deb
  to main/a/asterisk/asterisk-config_1.8.3.3-1_all.deb
asterisk-dahdi_1.8.3.3-1_amd64.deb
  to main/a/asterisk/asterisk-dahdi_1.8.3.3-1_amd64.deb
asterisk-dbg_1.8.3.3-1_amd64.deb
  to main/a/asterisk/asterisk-dbg_1.8.3.3-1_amd64.deb
asterisk-dev_1.8.3.3-1_all.deb
  to main/a/asterisk/asterisk-dev_1.8.3.3-1_all.deb
asterisk-doc_1.8.3.3-1_all.deb
  to main/a/asterisk/asterisk-doc_1.8.3.3-1_all.deb
asterisk-h423_1.8.3.3-1_amd64.deb
  to main/a/asterisk/asterisk-h423_1.8.3.3-1_amd64.deb
asterisk-mobile_1.8.3.3-1_amd64.deb
  to main/a/asterisk/asterisk-mobile_1.8.3.3-1_amd64.deb
asterisk-modules_1.8.3.3-1_amd64.deb
  to main/a/asterisk/asterisk-modules_1.8.3.3-1_amd64.deb
asterisk-mp3_1.8.3.3-1_amd64.deb
  to main/a/asterisk/asterisk-mp3_1.8.3.3-1_amd64.deb
asterisk-mysql_1.8.3.3-1_amd64.deb
  to main/a/asterisk/asterisk-mysql_1.8.3.3-1_amd64.deb
asterisk-ooh423_1.8.3.3-1_amd64.deb
  to main/a/asterisk/asterisk-ooh423_1.8.3.3-1_amd64.deb
asterisk-voicemail-imapstorage_1.8.3.3-1_amd64.deb
  to main/a/asterisk/asterisk-voicemail-imapstorage_1.8.3.3-1_amd64.deb
asterisk-voicemail-odbcstorage_1.8.3.3-1_amd64.deb
  to main/a/asterisk/asterisk-voicemail-odbcstorage_1.8.3.3-1_amd64.deb
asterisk-voicemail_1.8.3.3-1_amd64.deb
  to main/a/asterisk/asterisk-voicemail_1.8.3.3-1_amd64.deb
asterisk_1.8.3.3-1.debian.tar.gz
  to main/a/asterisk/asterisk_1.8.3.3-1.debian.tar.gz
asterisk_1.8.3.3-1.dsc
  to main/a/asterisk/asterisk_1.8.3.3-1.dsc
asterisk_1.8.3.3-1_amd64.deb
  to main/a/asterisk/asterisk_1.8.3.3-1_amd64.deb
asterisk_1.8.3.3.orig.tar.gz
  to main/a/asterisk/asterisk_1.8.3.3.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 610487@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tzafrir Cohen <tzafrir@debian.org> (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 25 Apr 2011 21:46:51 +0300
Source: asterisk
Binary: asterisk asterisk-modules asterisk-h423 asterisk-dahdi asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh423 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-doc asterisk-dev asterisk-dbg asterisk-config
Architecture: source all amd64
Version: 1:1.8.3.3-1
Distribution: unstable
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Tzafrir Cohen <tzafrir@debian.org>
Description: 
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dahdi - DAHDI devices support for the Asterisk PBX
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-h423 - H.323 protocol support for the Asterisk PBX
 asterisk-mobile - Bluetooth phone support for the Asterisk PBX
 asterisk-modules - loadable modules for the Asterisk PBX
 asterisk-mp3 - MP3 playback support for the Asterisk PBX (DUMMY)
 asterisk-mysql - MySQL database protocol support for the Asterisk PBX
 asterisk-ooh423 - H.323 protocol support for the Asterisk PBX - ooH323c
 asterisk-voicemail - simple voicemail support for the Asterisk PBX
 asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
 asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
Closes: 531551 549054 590588 610487 614580 618790 618791 623775
Changes: 
 asterisk (1:1.8.3.3-1) unstable; urgency=high
 .
   [ Tzafrir Cohen ]
   * Switching to branch 1.8
     (Closes: #610487, #614580, #618790, #618791, #623775).
   * Patch parser-mangles-include dropped: merged upstream.
   * Patch dahdi-fxsks-hookstate dropped: merged upstream.
   * Patch dahdi_ptmp_nt dropped: silly hack no longer needed.
   * Patch dahdi_pri_debug_spannums dropped: merged upstream.
   * Patch moh_datadir dropped: merged upstream.
   * Patch settings_show_dirs dropped: merged upstream.
   * Patch man_hyphen dropped: merged upstream.
   * Patch typos dropped: merged upstream.
   * Patch rtcp_cli_fix dropped: merged upstream.
   * Sound files: version 1.4.20
   * Separate sub-package asterisk-modules to avoid multiarch issues.
   * Extra sub-package asterisk-dahdi for the dahdi modules (Closes: #590588).
   * As of 1.8.1, AST.pdf and AST.txt are generated from the wiki.
     - And thus no need for rubber at build time (Closes: #531551).
   * Separate sub-packages for voicemail backends:
     - asterisk-voicemail{,-{imap,odbc}storage}
     - And rename the modules accordingly.
   * asterisk-mysql, asterisk-mobile, asterisk-mp3, asterisk-ooh423:
     - asterisk-addons was merged into Asterisk.
     - Patch enable_addons: do build those modules.
     - Also app_saycountpl, which will go into the mian package.
     - Patch mpglib: mpglib from asterisk-addons, originally.
   * Patch gmime-2.4: fixes building with gmime 2.4 (Closes: #549054).
     - Requires re-generating configure script.
   * Patch openssl10: Fix detection of openssl 1.0.
   * Patch no_ssl2: Don't require client-side SSL2 support.
   * include menuselect.makeopts in the docs directory - let us know what
     modules were not built.
   * Bump Standards version to 3.9.2.0 (no change needed).
   * Upstream prefers chan_ooh423 to chan_h423. Suggest asterisk-ooh423.
   * Drop asterisk-sounds-main: we already have that functionality the
     asterisk-core-sounds packages.
   * Recommend a moh (music-on-hold) package to have music played on hold.
 .
   [ Faidon Liambotis ]
   * Switch to the "3.0 (quilt)" package source format.
 .
   [ Paul Belanger ]
   * Depend on libneon27-dev and libical-dev for calendar support.
   * Depend on libsrtp0-dev for SRTP support.
   * When compiling with DEB_BUILD_OPTIONS="debug" enable native Asterisk
     debugging tools.  Specifically DONT_OPTIMIZE, DEBUG_THREADS and
     --enable-dev-mode.
   * Regardless of which asterisk-voicemail-* is installed (each package
     conflicts on each other), the name of the module is now
     app_voicemail.so.
   * Fix a bug with app_voicemail-*.exports.in not being copied properly.
Checksums-Sha1: 
 79eeb272bbe58858858a209d2c4b1a8766f4ec1c 2395 asterisk_1.8.3.3-1.dsc
 af9e76c2ef96467869947ca1b07214c2abb25687 26871276 asterisk_1.8.3.3.orig.tar.gz
 8b73624f95692ee6941fd1f600d82ef81e1200a7 94516 asterisk_1.8.3.3-1.debian.tar.gz
 3761d38dcd1e07ec3a3602764d719b7e2aaeac09 4130144 asterisk-doc_1.8.3.3-1_all.deb
 b19ea198417b34e4202b283971eab6bddf680d14 773290 asterisk-dev_1.8.3.3-1_all.deb
 9acfd8973449d9bea79228b57488429e5866a542 824252 asterisk-config_1.8.3.3-1_all.deb
 69209628c2dcbc681601a46831083a6c9f93e6ff 1552706 asterisk_1.8.3.3-1_amd64.deb
 b29d00cc22aff010f46d76a71e2f5db1ac5fe6bd 2616088 asterisk-modules_1.8.3.3-1_amd64.deb
 086b308995de420810f05a4a63ae482337e3a670 599314 asterisk-h423_1.8.3.3-1_amd64.deb
 fbec7d8b619cbf3fe8d77d8c60c05de997e1bc07 719964 asterisk-dahdi_1.8.3.3-1_amd64.deb
 c5592dfc889f06545fa15689ae8947d104f06726 512328 asterisk-voicemail_1.8.3.3-1_amd64.deb
 6bd94903a07e49cfc958c821d46a1bd0a516ca2e 527884 asterisk-voicemail-imapstorage_1.8.3.3-1_amd64.deb
 67ec6f5bada0dfd4baee1b140794c53b3ea83a02 518440 asterisk-voicemail-odbcstorage_1.8.3.3-1_amd64.deb
 88854c14a5459ed8a6682cacd9c859aebff38f35 853722 asterisk-ooh423_1.8.3.3-1_amd64.deb
 093849e59d447f62a66017d621bc0cd2b6cb3b92 456404 asterisk-mp3_1.8.3.3-1_amd64.deb
 43314a1d91a5725c377057811fa719b79a91386d 481508 asterisk-mysql_1.8.3.3-1_amd64.deb
 99909077dc2c798ed8344cfee808217ee2a2c0d1 469840 asterisk-mobile_1.8.3.3-1_amd64.deb
 d80fd31c794141ffc8a5c82c9294a84c9daeea87 28740422 asterisk-dbg_1.8.3.3-1_amd64.deb
Checksums-Sha256: 
 d5ce9a2db8ff97a5f83b66771fb11240e2af02df3effbfae00eed862c4667995 2395 asterisk_1.8.3.3-1.dsc
 899399a5c5f089dc793d033f670f6c14e13447cf0830d9093d82873f4892da9b 26871276 asterisk_1.8.3.3.orig.tar.gz
 b4c7e6bbbaa35e745f85b22e2a1ea88ba08c4537eef9b1b95a2e7eac75a98ad4 94516 asterisk_1.8.3.3-1.debian.tar.gz
 a2f38933a2cc0ae638d2346c741b9f7cff433832662d9812d1ab56e0588d5c46 4130144 asterisk-doc_1.8.3.3-1_all.deb
 62acbcaa0c08c644679aa1bac7474ab76c636f3fb3de3fbbe9b52faf27678ca9 773290 asterisk-dev_1.8.3.3-1_all.deb
 358e61b5be735b3f2500eb6354dffae8fad0818021e771898ee90f019afb2e12 824252 asterisk-config_1.8.3.3-1_all.deb
 40a2ca7c5dcebc10a3cf5e618d000535f0e7c0bdb536ca2255b510e03dfbe434 1552706 asterisk_1.8.3.3-1_amd64.deb
 bf2492b3d1685d7fd41a4c6a30e9033bf1b0d8cea67aeaae073332f811c2dde7 2616088 asterisk-modules_1.8.3.3-1_amd64.deb
 da018879fccabf90f0383c90b3707ea52c5e6a72d8e2a7f790c7e58d67eeab25 599314 asterisk-h423_1.8.3.3-1_amd64.deb
 c0457a3f8562a5e74a0c5914cfc5ce04b8fdc5ec43ac9f0395b6312b605798a1 719964 asterisk-dahdi_1.8.3.3-1_amd64.deb
 65f00a27ec5887a9574de96b83bb211b828e350e18e2c6687aaad23367b71b16 512328 asterisk-voicemail_1.8.3.3-1_amd64.deb
 0eb920e51e5397e37a9d2d885005355dceac44fa9f872c819c182044bdc8a098 527884 asterisk-voicemail-imapstorage_1.8.3.3-1_amd64.deb
 a595bda7a1b06d50a808d63ab84dfa228dc53666923509f6f10b3349525f2e41 518440 asterisk-voicemail-odbcstorage_1.8.3.3-1_amd64.deb
 b284ea45bc4f44dec3803ea0d785cea3816f7dc7188d7cc520b78c1c76508207 853722 asterisk-ooh423_1.8.3.3-1_amd64.deb
 21895d9f68222f97143cbac867d8f043e30e7968f4e03f597631aeecde34e50c 456404 asterisk-mp3_1.8.3.3-1_amd64.deb
 dbe2ac8d85a17797677b11f06bd59c7d7fce4d10e335b4890b2ee0a98624301e 481508 asterisk-mysql_1.8.3.3-1_amd64.deb
 d6abbd5803e6369fd9111700ecbaaa94ff72eebe77c1ef9208fda4905d6bf51c 469840 asterisk-mobile_1.8.3.3-1_amd64.deb
 32ee81b6d86a7d800caf66bc1af8d0a55cefe43969e9b4e38ed0da120aa535c1 28740422 asterisk-dbg_1.8.3.3-1_amd64.deb
Files: 
 84eb91a51cb390c0386d728a70851b15 2395 comm optional asterisk_1.8.3.3-1.dsc
 800684984c394ded3effe5096b579488 26871276 comm optional asterisk_1.8.3.3.orig.tar.gz
 e51bf412371719f18bead90843cde4f7 94516 comm optional asterisk_1.8.3.3-1.debian.tar.gz
 347f78f7ba1a117a8d3303e130c9ff9f 4130144 doc extra asterisk-doc_1.8.3.3-1_all.deb
 f0c9f58dbc89fbfa35a08959791eb50a 773290 devel extra asterisk-dev_1.8.3.3-1_all.deb
 d7a9e71bc91f8ce986e2bdde8a73d1b9 824252 comm optional asterisk-config_1.8.3.3-1_all.deb
 cfb20c6da6b8e962fc7d3d894dfaf9d6 1552706 comm optional asterisk_1.8.3.3-1_amd64.deb
 5c75515911372aa6768f006af4c19d9e 2616088 libs optional asterisk-modules_1.8.3.3-1_amd64.deb
 b768193ee56117b2ef505e9abac2aff9 599314 comm optional asterisk-h423_1.8.3.3-1_amd64.deb
 4b10215d5de55f9f8467d96408f0124e 719964 comm optional asterisk-dahdi_1.8.3.3-1_amd64.deb
 716afec6ba0271d3748b770b44f1be55 512328 comm optional asterisk-voicemail_1.8.3.3-1_amd64.deb
 c3fcf620cdb4743cc4bf3df653f1925b 527884 comm optional asterisk-voicemail-imapstorage_1.8.3.3-1_amd64.deb
 5bb8183ef427b9630375f37e588085ff 518440 comm optional asterisk-voicemail-odbcstorage_1.8.3.3-1_amd64.deb
 8c8aba2392b04800a83f1671b3271af3 853722 comm optional asterisk-ooh423_1.8.3.3-1_amd64.deb
 bed7f55515606a52369dac25fa6af2a2 456404 comm optional asterisk-mp3_1.8.3.3-1_amd64.deb
 adfe4a3ba5c1e43d45a54081965eaeb6 481508 comm optional asterisk-mysql_1.8.3.3-1_amd64.deb
 5d4b29e25c8b7b0a8708f3e459d5e372 469840 comm optional asterisk-mobile_1.8.3.3-1_amd64.deb
 6211b7007f0a7846d5052242ca853c7d 28740422 debug extra asterisk-dbg_1.8.3.3-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk212rkACgkQxArWdkN9MotoPwCgycj0aV/SzfFxDJZk6HjolsE9
C9sAoINpM5VianTex8WamU9/ExLfI6ZA
=tMth
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.