Source: asterisk Version: 1:13.1.0~dfsg-1 Severity: grave Tags: security upstream patch fixed-upstream
Hi, the following vulnerability was published for asterisk. CVE-2015-1558[0]: | Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when | using the PJSIP channel driver, does not properly reclaim RTP ports, | which allows remote authenticated users to cause a denial of service | (file descriptor consumption) via an SDP offer containing only | incompatible codecs. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-1558 [1] http://downloads.asterisk.org/pub/security/AST-2015-001.html [2] https://issues.asterisk.org/jira/browse/ASTERISK-24666 Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org