Hi Kees,
I tested it out today and am successfully able to make calls from
different PC's (and different IAX clients) to the echo channel. I am
unable to properly make two clients connect to one another. I had
seemingly accomplished this on Hardy by running two copies of VoixPhone
on the same
Any progress on testing these changes?
--
Fix vulnerabilities in channels/chan_ia2x.c
https://bugs.launchpad.net/bugs/345217
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
ubuntu-b...@lists.ubuntu.com
Looks good. It sounds like you tested on Hardy -- did Intrepid and
Jaunty get tested as well? I'll get these ready for uploading.
** Changed in: asterisk (Ubuntu Jaunty)
Assignee: (unassigned) = Brian Thomason (brian-thomason)
--
Fix vulnerabilities in channels/chan_ia2x.c
** Changed in: asterisk (Ubuntu Intrepid)
Status: In Progress = Fix Committed
** Changed in: asterisk (Ubuntu Jaunty)
Status: In Progress = Fix Committed
--
Fix vulnerabilities in channels/chan_ia2x.c
https://bugs.launchpad.net/bugs/345217
You received this bug notification
debdiff for Jaunty
** Attachment added: debdiff for Jaunty
http://launchpadlibrarian.net/33241554/asterisk-1.4.21.2%7Edfsg-3ubuntu2.1.debdiff
--
Fix vulnerabilities in channels/chan_ia2x.c
https://bugs.launchpad.net/bugs/345217
You received this bug notification because you are a member of
Marking the Jaunty task back to 'In Progress' (per
https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures#Preparing%20an%20update)
since CVE-2009-0041 was not fixed.
** Changed in: asterisk (Ubuntu Jaunty)
Status: Fix Released = In Progress
--
Fix vulnerabilities in channels/chan_ia2x.c
Debdiff for Intrepid
** Attachment added: debdiff for Intrepid
http://launchpadlibrarian.net/33244368/asterisk-1.4.21.2%7Edfsg-1ubuntu3.1.debdiff
** Changed in: asterisk (Ubuntu Intrepid)
Status: Triaged = In Progress
--
Fix vulnerabilities in channels/chan_ia2x.c
Setting karmic status to invalid as none of these effect the version
there.
** Changed in: asterisk (Ubuntu Karmic)
Status: Fix Released = Invalid
--
Fix vulnerabilities in channels/chan_ia2x.c
https://bugs.launchpad.net/bugs/345217
You received this bug notification because you are a
asterisk (1:1.4.17~dfsg-2ubuntu1.1) hardy-security; urgency=low
* SECURITY UPDATE: ACK response spoofing
- added debian/patches/CVE-2008-1897: Adjust chan_iax2.c to use a special
id to prevent ACK response spoofing. Based on upstream patch.
- CVE-2008-1897
- AST-2008-006
*
Actually, we don't go through -proposed for security updates. I will
build this and test locally. Marking 'In Progress' per
https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures#Preparing%20an%20update
** Changed in: asterisk (Ubuntu Hardy)
Status: Fix Committed = In Progress
--
Fix
Uploaded to security ppa. Will test/push to the archive when it finishes
building. Thanks for the hard work Brian!
** Changed in: asterisk (Ubuntu Hardy)
Status: In Progress = Fix Committed
--
Fix vulnerabilities in channels/chan_ia2x.c
https://bugs.launchpad.net/bugs/345217
You received
I tested this from a sip phone through asterisk to IAX provider in both
directions and it works fine.
--
Fix vulnerabilities in channels/chan_ia2x.c
https://bugs.launchpad.net/bugs/345217
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
Thanks Jamie! I hadn't thought about that possibility.
-Brian
On Fri, Sep 25, 2009 at 4:34 PM, Jamie Strandboge ja...@ubuntu.com
wrote:
I tested this from a sip phone through asterisk to IAX provider in both
directions and it works fine.
--
Fix vulnerabilities in channels/chan_ia2x.c
I tested this locally, calling up voicemail using SIP, and it worked
fine. I don't really have a setup for making a call from softphone to
softphone though. If anyone else would like to test this, please do,
otherwise, I think it's good enough to hit proposed.
** Changed in: asterisk (Ubuntu
This looks good. I would recommend using a SIP provider like Ekiga.net
to test SIP functionality. Once you're satisfied that these changes are
solid, we can publish them.
** Changed in: asterisk (Ubuntu Hardy)
Status: In Progress = Incomplete
--
Fix vulnerabilities in
** Changed in: asterisk (Ubuntu Hardy)
Status: Triaged = In Progress
--
Fix vulnerabilities in channels/chan_ia2x.c
https://bugs.launchpad.net/bugs/345217
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing
Added fixes for:
CVE-2008-1390 (http://downloads.asterisk.org/pub/security/AST-2008-005.html)
CVE-2008-3903 (http://downloads.asterisk.org/pub/security/AST-2009-003.html)
I tested that it built properly but have not done any thorough testing
yet. Any help in the way of testing would be greatly
Here is an updated debdiff for hardy. The missing section from the
upstream patch in CVE-2008-1897 was irrelevant as it had been fixed for
a different reason by a prior patch.
** Attachment added: Updated Debdiff for Hardy
** Changed in: asterisk (Ubuntu Hardy)
Status: Triaged = In Progress
--
Fix vulnerabilities in channels/chan_ia2x.c
https://bugs.launchpad.net/bugs/345217
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing
Hi Brian,
Thanks for the updated debdiff. Patch for CVE-2008-1897 looks good, as
does the changelog and patch tagging.
Would it be possible to apply patched for the following two issues:
CVE-2008-1390 (http://downloads.asterisk.org/pub/security/AST-2008-005.html)
CVE-2008-3903
Thanks for your debdiff Brian! :) Here are some comments:
1. You have supplied two patches for CVE-2008-1897
(debian/patches/CVE-2008-1897 and debian/patches/asterisk-CVE-2008-1897).
Please remove asterisk-CVE-2008-1897
2. CVE-2008-1897 seems to be missing parts of upstream's
Thanks Jamie,
On Tue, Apr 28, 2009 at 5:29 PM, Jamie Strandboge ja...@ubuntu.com
wrote:
Thanks for your debdiff Brian! :) Here are some comments:
1. You have supplied two patches for CVE-2008-1897
(debian/patches/CVE-2008-1897 and debian/patches/asterisk-CVE-2008-1897).
Please remove
** Also affects: asterisk (Ubuntu Hardy)
Importance: Undecided
Status: New
** Also affects: asterisk (Ubuntu Intrepid)
Importance: Undecided
Status: New
** Also affects: asterisk (Ubuntu Jaunty)
Importance: Undecided
Status: New
** Also affects: asterisk (Ubuntu
Thanks to some help from Jamie, I am able to successfully register IAX
clients and make calls with them. This patch should be ready for
release.
** Changed in: asterisk (Ubuntu)
Status: Incomplete = Fix Committed
--
Fix vulnerabilities in channels/chan_ia2x.c
Thanks for the debdiff Brian!
Since you're asking for some more help in testing it, I'll set this bug
as Incomplete for now. Once you're satisfied that it's been tested
adequately, please mark it as In Progress again so our notification
scripts will pick it up and we'll build and release it.
I have attached a debdiff for Hardy based on patches from upstream. I
have tested as best I can with my limited knowledge of asterisk and IAX.
I can connect and register with IAX clients and with VoixPhone, I can
seem to connect to a channel. (the CLI for asterisk shows I am
connected) However,
** Visibility changed to: Public
--
Fix vulnerabilities in channels/chan_ia2x.c
https://bugs.launchpad.net/bugs/345217
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-b...@lists.ubuntu.com
27 matches
Mail list logo