Your message dated Sat, 17 Feb 2007 12:09:53 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#394025: fixed in asterisk 1:1.0.7.dfsg.1-2sarge4
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

Package: asterisk
Version: 1.0.7.dfsg.1-2sarge3
Severity: Critical
Tags: Security

Asterisk 1.0 and 1.2 versions up to and including 1.2.12.1 and 1.0.11 are vulnerable to a remote, unauthenticated heap overflow leading to arbitrary code execution as root.

New upstream releases 1.0.12 and 1.2.13 provide patches for this problem.

No public exploit is currently known, but private proof-of-concept took less than a day.

More information is available in the security advisory from Security-Assessment, at http://www.security-assessment.com, or http://www.storm.net.nz/projects/18

---
Adam Boileau / Metlstorm


--- End Message ---
--- Begin Message ---
Source: asterisk
Source-Version: 1:1.0.7.dfsg.1-2sarge4

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:

asterisk-config_1.0.7.dfsg.1-2sarge4_all.deb
  to pool/main/a/asterisk/asterisk-config_1.0.7.dfsg.1-2sarge4_all.deb
asterisk-dev_1.0.7.dfsg.1-2sarge4_all.deb
  to pool/main/a/asterisk/asterisk-dev_1.0.7.dfsg.1-2sarge4_all.deb
asterisk-doc_1.0.7.dfsg.1-2sarge4_all.deb
  to pool/main/a/asterisk/asterisk-doc_1.0.7.dfsg.1-2sarge4_all.deb
asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_powerpc.deb
  to pool/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_powerpc.deb
asterisk-h323_1.0.7.dfsg.1-2sarge4_powerpc.deb
  to pool/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge4_powerpc.deb
asterisk-sounds-main_1.0.7.dfsg.1-2sarge4_all.deb
  to pool/main/a/asterisk/asterisk-sounds-main_1.0.7.dfsg.1-2sarge4_all.deb
asterisk-web-vmail_1.0.7.dfsg.1-2sarge4_all.deb
  to pool/main/a/asterisk/asterisk-web-vmail_1.0.7.dfsg.1-2sarge4_all.deb
asterisk_1.0.7.dfsg.1-2sarge4.diff.gz
  to pool/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4.diff.gz
asterisk_1.0.7.dfsg.1-2sarge4.dsc
  to pool/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4.dsc
asterisk_1.0.7.dfsg.1-2sarge4_powerpc.deb
  to pool/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4_powerpc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ben Hutchings <[EMAIL PROTECTED]> (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 25 Nov 2006 16:12:26 +0000
Source: asterisk
Binary: asterisk-sounds-main asterisk-h323 asterisk-web-vmail 
asterisk-gtk-console asterisk asterisk-config asterisk-dev asterisk-doc
Architecture: source all powerpc
Version: 1:1.0.7.dfsg.1-2sarge4
Distribution: stable-security
Urgency: high
Maintainer: Martin Schulze <[EMAIL PROTECTED]>
Changed-By: Ben Hutchings <[EMAIL PROTECTED]>
Description: 
 asterisk   - open source Private Branch Exchange (PBX)
 asterisk-config - config files for asterisk
 asterisk-dev - development files for asterisk
 asterisk-doc - documentation for asterisk
 asterisk-gtk-console - gtk based console for asterisk
 asterisk-h323 - asterisk H.323 VoIP channel
 asterisk-sounds-main - sound files for asterisk
 asterisk-web-vmail - web based (GCI) voice mail interface for asterisk
Closes: 394025
Changes: 
 asterisk (1:1.0.7.dfsg.1-2sarge4) stable-security; urgency=high
 .
   * Non-maintainer upload
   * Backported fix for buffer overflow in chan_skinny driver
     induced by an undetected integer underflow
     [debian/patches/99_CVE-2006-5444.dpatch] (Closes: #394025)
Files: 
 2441c1ccc8467ecefc45b58711b9602f 1259 comm optional 
asterisk_1.0.7.dfsg.1-2sarge4.dsc
 17c8aaae715230d9ea8d0485eb7cfe95 70588 comm optional 
asterisk_1.0.7.dfsg.1-2sarge4.diff.gz
 a5ddadc5ba22723d32a74a2bc4fb9dfc 1577766 doc optional 
asterisk-doc_1.0.7.dfsg.1-2sarge4_all.deb
 0fda6ac9d47e7d5bcd9786c7ab17ebd5 83382 devel optional 
asterisk-dev_1.0.7.dfsg.1-2sarge4_all.deb
 bf9fae8e20a5e299d1c24e5fce59ee96 1180298 comm optional 
asterisk-sounds-main_1.0.7.dfsg.1-2sarge4_all.deb
 eb425bfc6db224dd17346c0a03f06853 28378 comm optional 
asterisk-web-vmail_1.0.7.dfsg.1-2sarge4_all.deb
 84dd16720f492033c5c034b69f033f7f 61616 comm optional 
asterisk-config_1.0.7.dfsg.1-2sarge4_all.deb
 dae96f2c81168d452cd05b70316632db 1425172 comm optional 
asterisk_1.0.7.dfsg.1-2sarge4_powerpc.deb
 fafe504d906ab206c8c66c558ca866c5 21444 comm optional 
asterisk-h323_1.0.7.dfsg.1-2sarge4_powerpc.deb
 86982177ea3ab8dd23daa989e976c316 31166 comm optional 
asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_powerpc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFaJM3W5ql+IAeqTIRAtQ5AJ9baVC7WlGwgHpihQOiwUROtMelAACePDmV
eDeXS9+NmIqzWnKXsWmaObY=
=VS7e
-----END PGP SIGNATURE-----


--- End Message ---
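
The changelog above attributes the chan_skinny overflow to an undetected integer underflow. As an added illustration of that bug class (not the Asterisk code or the Debian patch; the wire format, buffer size and function names are constructed for this example), here is a flawed length check beside a hardened one:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define INBUF_SIZE 1000u  /* constructed receive-buffer size */
#define HDR_LEN    8u     /* constructed: header bytes counted in the length field */

/* Decode a 32-bit little-endian length prefix (constructed wire format). */
static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Flawed: only the upper bound is checked. A declared length below HDR_LEN
 * makes the subtraction wrap, so the "body size" becomes close to 4 GiB.
 * Returns 0 and sets *body on accept, -1 on reject. */
int body_len_flawed(const uint8_t *frame, uint32_t *body)
{
    uint32_t total = read_le32(frame);
    if (total > INBUF_SIZE)
        return -1;
    *body = total - HDR_LEN;       /* underflows when total < HDR_LEN */
    return 0;
}

/* Hardened: bound the length on both sides before subtracting. */
int body_len_checked(const uint8_t *frame, uint32_t *body)
{
    uint32_t total = read_le32(frame);
    if (total < HDR_LEN || total > INBUF_SIZE)
        return -1;
    *body = total - HDR_LEN;       /* now 0 .. INBUF_SIZE - HDR_LEN */
    return 0;
}

int main(void)
{
    const uint8_t short_frame[4] = { 0x02, 0x00, 0x00, 0x00 }; /* constructed: length 2 */
    uint32_t body = 0;
    int rc = body_len_flawed(short_frame, &body);
    printf("flawed:  rc=%d body=%u\n", rc, (unsigned)body);
    rc = body_len_checked(short_frame, &body);
    printf("checked: rc=%d\n", rc);
    return 0;
}
```

A copy or read sized by the flawed result would run far past the 1000-byte buffer, which is why the lower bound has to be checked before the subtraction.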
