Your message dated Thu, 08 Feb 2018 21:17:11 +0000 with message-id <e1ejtz9-000hir...@fasolo.debian.org> and subject line Bug#884345: fixed in asterisk 1:13.14.1~dfsg-2+deb9u3 has caused the Debian Bug report #884345, regarding asterisk: CVE-2017-17664: Remote Crash Vulnerability in RTCP Stack to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 884345: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884345 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: asterisk Version: 1:13.18.1~dfsg-1 Severity: grave Tags: patch security upstream Hi, the following vulnerability was published for asterisk. CVE-2017-17664[0]: | A Remote Crash issue was discovered in Asterisk Open Source 13.x before | 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified | Asterisk before 13.13-cert9. Certain compound RTCP packets cause a | crash in the RTCP Stack. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-17664 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17664 [1] http://downloads.digium.com/pub/security/AST-2017-012.html [2] https://issues.asterisk.org/jira/browse/ASTERISK-27382 [3] https://issues.asterisk.org/jira/browse/ASTERISK-27429 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: asterisk Source-Version: 1:13.14.1~dfsg-2+deb9u3 We believe that the bug you reported is fixed in the latest version of asterisk, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 884...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Tzafrir Cohen <tzaf...@debian.org> (supplier of updated asterisk package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 29 Dec 2017 16:27:08 +0200 Source: asterisk Binary: asterisk asterisk-modules asterisk-dahdi asterisk-vpb asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh323 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-doc asterisk-dev asterisk-config Architecture: source all amd64 Version: 1:13.14.1~dfsg-2+deb9u3 Distribution: stretch-security Urgency: medium Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org> Changed-By: Tzafrir Cohen <tzaf...@debian.org> Description: asterisk - Open Source Private Branch Exchange (PBX) asterisk-config - Configuration files for Asterisk asterisk-dahdi - DAHDI devices support for the Asterisk PBX asterisk-dev - Development files for Asterisk asterisk-doc - Source code documentation for Asterisk asterisk-mobile - Bluetooth phone support for the Asterisk PBX asterisk-modules - loadable modules for the Asterisk PBX asterisk-mp3 - MP3 playback support for the Asterisk PBX asterisk-mysql - MySQL database protocol support for the Asterisk PBX asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c asterisk-voicemail - simple voicemail support for the Asterisk PBX asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX asterisk-vpb - VoiceTronix devices support for the Asterisk PBX Closes: 881256 881257 883342 883767 884345 Changes: asterisk (1:13.14.1~dfsg-2+deb9u3) stretch-security; urgency=medium . [ Tzafrir Cohen ] * AST-2017-009: ignored for the record. * AST-2017-010 / CVE-2017-16671: Buffer overflow in CDRs (call logs) (Closes: #881257) * AST-2017-011 / CVE-2017-16672: Memory/File Descriptor/RTP leak in pjsip session resource (Closes: #881256) * AST-2017-012 / CVE-2017-17664: Remote Crash Vulnerability in RTCP Stack (Closes: #884345) * AST-2017-013 / CVE-2017-17090: DoS (memory leak) in chan_skinny (Closes: #883342) * ASTERISK-26606.patch: fix openssl error reporting (Closes: #883767) * debian/.gitignore: typo * gbp.conf: set branch name . [ Bernhard Schmidt ] * Drop duplicate filter line from d/gbp.conf Checksums-Sha1: 5fce94fbdf2237e4c4c080270122667ccf28aed9 3934 asterisk_13.14.1~dfsg-2+deb9u3.dsc 7cede2dab885f7d544beca47354ee6d0f3040f6f 147444 asterisk_13.14.1~dfsg-2+deb9u3.debian.tar.xz ebb59af694980872d7365768f2638f6ceb2539e7 1121816 asterisk-config_13.14.1~dfsg-2+deb9u3_all.deb 7e12463561214fcf7381728499a79c07ae836701 551330 asterisk-dahdi-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb 521672917f118432868f8cb3cbc8637d59c1563d 959964 asterisk-dahdi_13.14.1~dfsg-2+deb9u3_amd64.deb 388426a195ec2a0e4ddd7d94a4ecc5f394bc0bd1 3319878 asterisk-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb abd125d1db6b00a2df343b6b33a6df47fcad3d88 1156100 asterisk-dev_13.14.1~dfsg-2+deb9u3_all.deb 3a7f07fa63733052d663d0a815280aaa3fb47200 1462622 asterisk-doc_13.14.1~dfsg-2+deb9u3_all.deb 2649ad560da1edfe57c15c226a49daa2b3f1780a 69572 asterisk-mobile-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb 00765a5193f4f2cdd972a23199a90ad55f3b0a0d 755530 asterisk-mobile_13.14.1~dfsg-2+deb9u3_amd64.deb 1145823333ab71dfaf56e44c1329ce9a00140526 8975874 asterisk-modules-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb aceed0d472a9a3ff260e2844339b1f3fc93ec8cc 2898258 asterisk-modules_13.14.1~dfsg-2+deb9u3_amd64.deb 0ce63dba11561a4abc9f8a288c403266fcc49eda 44152 asterisk-mp3-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb 94722b1cfe5b8d1353e0693d78720ff9d5c019a6 744384 asterisk-mp3_13.14.1~dfsg-2+deb9u3_amd64.deb 9f431bb5d843c05372d6b7475593943eed7dd32e 112718 asterisk-mysql-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb ff4752ecdd8f1df89bbb337fe47844433f2322a5 759306 asterisk-mysql_13.14.1~dfsg-2+deb9u3_amd64.deb 8e50f43c2fd4ef8d3d31abfeebd4f2d36963ef6d 1399574 asterisk-ooh323-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb c0a25bc7ca029bded752f089c6b1277bbc85b763 1058770 asterisk-ooh323_13.14.1~dfsg-2+deb9u3_amd64.deb df64458b53008a2070d71137ce065c83e8d752d8 210266 asterisk-voicemail-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb 8213f43500f8919add427ced2e5f98c613bb1fea 246732 asterisk-voicemail-imapstorage-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb 090ec1e305845a7f58740dd48ea79530f9695338 823406 asterisk-voicemail-imapstorage_13.14.1~dfsg-2+deb9u3_amd64.deb 1546e3466c2e59ff8c7dd9b30605c57381e80e8c 221926 asterisk-voicemail-odbcstorage-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb 618f05cdde80ce4c1140c0bee6f40c3eaea58ab1 812456 asterisk-voicemail-odbcstorage_13.14.1~dfsg-2+deb9u3_amd64.deb 7ec83366c1bc1fcc3a9135c17c37460ce3d588b7 806552 asterisk-voicemail_13.14.1~dfsg-2+deb9u3_amd64.deb c368206200b104f0610f4c17a1c638e9488b1ab8 66062 asterisk-vpb-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb 05866758cac182f714b6859b5d0b0d714413d6d2 746870 asterisk-vpb_13.14.1~dfsg-2+deb9u3_amd64.deb dec30dac2bcc3b5adc7044ec108164c340955bae 27113 asterisk_13.14.1~dfsg-2+deb9u3_amd64.buildinfo 91615b321192a2cfafa7e38975be2232e0ecf8a3 2215340 asterisk_13.14.1~dfsg-2+deb9u3_amd64.deb Checksums-Sha256: 8b1dcb56d58e1989352e5d6c011129066b5cf6454a08d5446615e15dcdd84c54 3934 asterisk_13.14.1~dfsg-2+deb9u3.dsc e043c97d139f5ca68a350827dcee7d0882600603751bf016ab5967616344a65d 147444 asterisk_13.14.1~dfsg-2+deb9u3.debian.tar.xz faf7c6b6bcaae09fc8055036cc4078a67c9651847a2f51e7da6a1ffeb4095fc7 1121816 asterisk-config_13.14.1~dfsg-2+deb9u3_all.deb 206d96e76cecacc4343d39888cf0383e9a06299fa3635e6955f13726d33dbc0f 551330 asterisk-dahdi-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb c6687247562a6fac3b48c798cf7727ee1ba9483fc5cc52cf930b453e04c2e7e9 959964 asterisk-dahdi_13.14.1~dfsg-2+deb9u3_amd64.deb 14fe085ee78b304a98ecf4f8d90385ac71f59b3bc11d17db79e68c6e80a4e0c2 3319878 asterisk-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb e404215f7a56e004c0dd02964c8d0d57bd01bc2fde426529ebd7fe812e2dd5e4 1156100 asterisk-dev_13.14.1~dfsg-2+deb9u3_all.deb 9eba8db4159b9b21264e070c905ce29b0ee739e9104261e97fba00cbdaaf7fbb 1462622 asterisk-doc_13.14.1~dfsg-2+deb9u3_all.deb aa692683fed5eebf5620994db5d7db11ffa1379d1732c0774d8f20a6058c121c 69572 asterisk-mobile-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb 57e78ba74ad779da25027194d36779a80a1f4d72c863d6fa9aac52479ce53edc 755530 asterisk-mobile_13.14.1~dfsg-2+deb9u3_amd64.deb 262a5c6f58ea40067e340ad9a4968c8bc28b4b2bb6f79f03fe81b27912db5de5 8975874 asterisk-modules-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb 41c6fdf1c2b44848df3bcf6217428c0048122061c4ad8643de9668199afce548 2898258 asterisk-modules_13.14.1~dfsg-2+deb9u3_amd64.deb 8d91682687ae40e7bffd3f237a88e13b5fab714306dd46e2196238ca6e772072 44152 asterisk-mp3-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb cd728391fe6ce0c9d1286603c473e86db444c12fd515d5e9d3e22218a0b3a15c 744384 asterisk-mp3_13.14.1~dfsg-2+deb9u3_amd64.deb b4a5cf9c23defe114c7c1002df2d6362882c72133a5752fea7dac53dc33ca2e1 112718 asterisk-mysql-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb cb70d25828bde7e38b25f9ce056c62774fbf4d50e460625c213a9e00b54c47b8 759306 asterisk-mysql_13.14.1~dfsg-2+deb9u3_amd64.deb 13073bb14b25f5a5c6e3d36647b4adf3c9fcadb76fa859b0269f76f433945a26 1399574 asterisk-ooh323-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb ebdc83e621938e52c41b772d6cff8001bdd965d4d01d150f1e943bee92249b25 1058770 asterisk-ooh323_13.14.1~dfsg-2+deb9u3_amd64.deb c2816653eba0ac1446338bbe72a017d5623c76d68f71feebabe6827c3de38101 210266 asterisk-voicemail-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb f5f37eac431dc77cd406dd65ff1c63c0615e0e046c0f4d0c523e9795efbd884e 246732 asterisk-voicemail-imapstorage-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb 11f1695f03318766405bfdad9d4be73f172ded19a9190e735b591e975751c44a 823406 asterisk-voicemail-imapstorage_13.14.1~dfsg-2+deb9u3_amd64.deb 60ef41d6e0ab9817be46ae2f212ab98593482fdd03a186cba462c197b87980cb 221926 asterisk-voicemail-odbcstorage-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb 0f042c4b7767b7e893919a7aea3358a5582ef6d02965446d86049e8a0c160efb 812456 asterisk-voicemail-odbcstorage_13.14.1~dfsg-2+deb9u3_amd64.deb 7f843ca4cdbf8fadb4acd61c7cea4c3f964b46bb4c1720ab150722c8979b4bb6 806552 asterisk-voicemail_13.14.1~dfsg-2+deb9u3_amd64.deb 240bd02fee7d85b27eebcb40dd2726808861dcdaa45b98d26ac1e2907524b712 66062 asterisk-vpb-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb 79abca388326a22c622618bc08b1352914354222bbd48e1235413f5a40ef12ee 746870 asterisk-vpb_13.14.1~dfsg-2+deb9u3_amd64.deb 45ecb1cf9ae5b2ede9acbf03fff51e6df695f2009086def35a35c7a2bfb24ef1 27113 asterisk_13.14.1~dfsg-2+deb9u3_amd64.buildinfo b0e8eeaa66d545cc70bb3363845baa71d48ca347f0ee8fac8970dacfc4faae2d 2215340 asterisk_13.14.1~dfsg-2+deb9u3_amd64.deb Files: 76ec0cc8bd3913a6193f1508303690b0 3934 comm optional asterisk_13.14.1~dfsg-2+deb9u3.dsc a2a7e711b59887e8bd678517dcca6d2e 147444 comm optional asterisk_13.14.1~dfsg-2+deb9u3.debian.tar.xz 10d59b37728ba7a0d9a7d1c3a5e3d2c2 1121816 comm optional asterisk-config_13.14.1~dfsg-2+deb9u3_all.deb 03921e054560d463faba58e6d6bf8b85 551330 debug extra asterisk-dahdi-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb 23ac77c99f58bbe5c785ba462496628c 959964 comm optional asterisk-dahdi_13.14.1~dfsg-2+deb9u3_amd64.deb f3a9be22a54924c6d97105268a317490 3319878 debug extra asterisk-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb 37d6e4c699ccf19558a39bc7ef53a8db 1156100 devel extra asterisk-dev_13.14.1~dfsg-2+deb9u3_all.deb e10235f28ce17b945fceb1fd7cc0e536 1462622 doc extra asterisk-doc_13.14.1~dfsg-2+deb9u3_all.deb 4879329571a3b31c4875edabb3bf4e36 69572 debug extra asterisk-mobile-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb d19ab049639570300d85d26311c755ec 755530 comm optional asterisk-mobile_13.14.1~dfsg-2+deb9u3_amd64.deb b3d15b68a26d2d928611b7f43ec9e7f2 8975874 debug extra asterisk-modules-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb 887c76c825741e59c93aada99efc5a27 2898258 libs optional asterisk-modules_13.14.1~dfsg-2+deb9u3_amd64.deb 45506d19e654bf36076d1c8aae879149 44152 debug extra asterisk-mp3-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb b94c76358f791730385dc25e6f3274e9 744384 comm optional asterisk-mp3_13.14.1~dfsg-2+deb9u3_amd64.deb 8b43e6c1daf92e942e5217366e4a2dc8 112718 debug extra asterisk-mysql-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb 4c9613ae26aaf49e6acc6afc6711a1e1 759306 comm optional asterisk-mysql_13.14.1~dfsg-2+deb9u3_amd64.deb 93f2b65b3c1d8838c269425bfa386a9a 1399574 debug extra asterisk-ooh323-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb e23968a676f568eadd9ffadfbb317a64 1058770 comm optional asterisk-ooh323_13.14.1~dfsg-2+deb9u3_amd64.deb 8c63941be6b8d3797231ef715dba1968 210266 debug extra asterisk-voicemail-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb 35a70b9e4576e373d038bd487c98a785 246732 debug extra asterisk-voicemail-imapstorage-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb 0d0138a5019fec845145dabf1d99d0b8 823406 comm optional asterisk-voicemail-imapstorage_13.14.1~dfsg-2+deb9u3_amd64.deb e839151059c8fd9ac771b47febd98940 221926 debug extra asterisk-voicemail-odbcstorage-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb 634e7c47e1d080bf0035fbdb1f1d26aa 812456 comm optional asterisk-voicemail-odbcstorage_13.14.1~dfsg-2+deb9u3_amd64.deb 6d14d729a9d53080cc3b0c0283b236aa 806552 comm optional asterisk-voicemail_13.14.1~dfsg-2+deb9u3_amd64.deb 97b23ce2f20b805f0130acb4f76bed2a 66062 debug extra asterisk-vpb-dbgsym_13.14.1~dfsg-2+deb9u3_amd64.deb c171f811b53c9fb1ef1aba9725625fe7 746870 comm optional asterisk-vpb_13.14.1~dfsg-2+deb9u3_amd64.deb dba0592aa17801d8df64517ec1914527 27113 comm optional asterisk_13.14.1~dfsg-2+deb9u3_amd64.buildinfo 375e2ae73dbc41e11d1c4121883f2e3d 2215340 comm optional asterisk_13.14.1~dfsg-2+deb9u3_amd64.deb -----BEGIN PGP SIGNATURE----- iQGzBAEBCAAdFiEEjhGGa0mM+W3ykQJyjv1MLwMloM4FAlpGXV8ACgkQjv1MLwMl oM7Uwgv/QCjJwFS56xAHso2/9E65nBB1Ka3jurN6gJ35wHej32NAy2XKdbiHtHOB He044JbQSe/rp9sfguCSD3esGvbwBhQE67QgNgItlqquzEzUIn2r+GRnPo9t4sBn ohE+MfdczjyNuKbpxU+Pm3IP3CaYJU5BxTwFb+FeoQv/wMXrnFaJDHPI4R2qR1iv s4CwP1E3m6vBlZ3Ex/nid7GzKIlxg5S47GgCrsVbWUM8F1kVbt6hCUBQbXOQR57G qPmmt5EBgiyVMjm3Nbq6Ie0/OWRwc1SQACKPfoDqM4EXKVzL0W1gGtgy99oWzx19 Uu4QDXLS/f4YcP10EQ461xYzc96h5iahayjlo2P8Ir1dNTiSglkUI730++NZXXJH AHu7xmQ2vblG8ovcIECOdNN4teCgTi6HR1T/5Dnw+46idQZ86Aa3sa6ER9BwytFv F0rA0ezsxmMspcS3afLJSmNGU5oceSYXDvF1jXHMxVF5rGSpZ3zhA3jpLh+gi5FL zfU4JZEh =6T+c -----END PGP SIGNATURE-----
--- End Message ---
