Your message dated Mon, 25 Sep 2006 20:03:19 +0200
with message-id <[EMAIL PROTECTED]>
has caused the Debian Bug report #389252,
regarding twinkle: PRACK messages should be authenticated
to be marked as having been forwarded to the upstream software
author(s) [EMAIL PROTECTED]
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Hi,
I'm forwarding a bug I reported to the Debian BTS. Please keep CC
[EMAIL PROTECTED] in replies.
Regards,
Mikael
Package: twinkle
Version: 1:0.8.1-1
Severity: normal
Twinkle fails to respond to Proxy-Authentication challenges of PRACK
requests.
According to RFC 3262:
9 Security Considerations
The PRACK request can be injected by attackers to force
retransmissions of reliable provisional responses to cease. As these
responses can convey important information, PRACK messages SHOULD be
authenticated as any other request. Authentication procedures are
specified in RFC 3261.
--- End Message ---
