Your message dated Sun, 17 Jan 2021 15:48:29 +0000 with message-id <e1l1ai1-0002b4...@fasolo.debian.org> and subject line Bug#979372: fixed in asterisk 1:16.15.1~dfsg-1 has caused the Debian Bug report #979372, regarding asterisk: CVE-2020-35652 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 979372: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979372 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: asterisk Version: 1:16.15.0~dfsg-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 1:16.2.1~dfsg-1+deb10u2 Hi, The following vulnerability was published for asterisk. Rationale: Choosed RC severity orthogonally to a potential no-dsa decision, but ideally it get fixed in time for the bullseye release. CVE-2020-35652[0]: | remote crash in res_pjsip_diversion If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-35652 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35652 [1] https://issues.asterisk.org/jira/browse/ASTERISK-29191 [2] https://issues.asterisk.org/jira/browse/ASTERISK-29219 [3] https://downloads.asterisk.org/pub/security/AST-2020-003.html [4] https://downloads.asterisk.org/pub/security/AST-2020-004.html Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: asterisk Source-Version: 1:16.15.1~dfsg-1 Done: Bernhard Schmidt <be...@debian.org> We believe that the bug you reported is fixed in the latest version of asterisk, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 979...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bernhard Schmidt <be...@debian.org> (supplier of updated asterisk package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 17 Jan 2021 15:56:22 +0100 Source: asterisk Architecture: source Version: 1:16.15.1~dfsg-1 Distribution: unstable Urgency: medium Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org> Changed-By: Bernhard Schmidt <be...@debian.org> Closes: 979372 Changes: asterisk (1:16.15.1~dfsg-1) unstable; urgency=medium . * New upstream version 16.15.1~dfsg - CVE-2020-35652 / AST-2020-003 + AST-2020-004 (Closes: #979372) Remote crash in res_pjsip_diversion Checksums-Sha1: 5e6bb9c59ec223cebeb9f27f6ebb3f610ae8ba0f 4201 asterisk_16.15.1~dfsg-1.dsc 634cf576f6d8c6a6611d0f296b2eb3148ba60e76 7047652 asterisk_16.15.1~dfsg.orig.tar.xz 7986a9e747d87a98f4affd50c0da6c28a5c5ed52 5948884 asterisk_16.15.1~dfsg-1.debian.tar.xz 4984d4a2fc35d949e6c7e88d6043e6b381e5eb40 27113 asterisk_16.15.1~dfsg-1_amd64.buildinfo Checksums-Sha256: ce69265e87976eb27ac01d16b0a59d8d552e0b9d18b0857dbcbb18d142898f63 4201 asterisk_16.15.1~dfsg-1.dsc fdacf454098cce11f8a1961dd51411d05a96c50ea594e64883be111f99b36287 7047652 asterisk_16.15.1~dfsg.orig.tar.xz 882720af13cfc62ec060189a402a8ce982704a98d4d07917860dbcf70f98e29e 5948884 asterisk_16.15.1~dfsg-1.debian.tar.xz 67392743a8867de9836180d3522fc2b89f97eae69e93df84458e83c4fcb57af6 27113 asterisk_16.15.1~dfsg-1_amd64.buildinfo Files: 6d3ee0b8683e82d13bee3f1fda05203e 4201 comm optional asterisk_16.15.1~dfsg-1.dsc c11c103eca25588a7e78da0d55d76d7a 7047652 comm optional asterisk_16.15.1~dfsg.orig.tar.xz 4284b89561a1b53c00ae816a6a51dcfe 5948884 comm optional asterisk_16.15.1~dfsg-1.debian.tar.xz e96c31525535130046854f0699e82aed 27113 comm optional asterisk_16.15.1~dfsg-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAmAEWCARHGJlcm5pQGRl Ymlhbi5vcmcACgkQd1B55bhQvJMSpA/8CABnClT0X1TyWGB/WWCnL6Lc6pPL2wXc r7f6uPh3aOndfnsEqPnkAdIAIgFhcfI67ryxcVQHP+S448/HBTjBN4h87hLAZbwg /1pKY3esujlNdzmvg6MioSZW7khzWvRlRs1zFrDsdmEuH3D1O23yoGUJI8qZG8wp Vm/gWFuzjzwDyJ5IWH7b9ASH0LvxwbG5LpE7pPgUQDL434VckcMQN2+rBzhqo/iR HvSyjS8P2XVbWbasF6/ajrU86eh5tXRo53krhNEGinxixyo9DwHn0eY4OdIcGJjv vC720WgTQi/TOPheDNsfFn15/3A2jPDxe7nUdLRi0zG4wmxDp+X2vtkhlpLpakhJ N04MG5blFNCnxh7YbWNlwzGzPbjgRSNmymk1S/FVj91HW+iVbOTCiQ0cnjmuByAk FYwMEvsi5LberfyXwbXk4kvFGsDgANeV9Ub7xVV2SSfC6Mjt0m0U8VRNmYsVtvdf az1w4TNX9qtfueaOF5uVWrlZWqT93TWxQpptGqnFLLQAd+PLCE3MJtpMLwcB4Yct dtPXVpC+/i/f1bdtkqDHXcfSrz305gW1RCGxa4P3AYFt2S/iMDQjDl1/7/9kMR7Y +lPpXkIsTbAzaHsA1f8euSaCQPZQlT+rzh9JMmC3uwVwPP0gKXGJvGGjedZTad+4 oJcLZn0rEq4= =A/hf -----END PGP SIGNATURE-----
--- End Message ---
