Package: asterisk Severity: grave Tags: security Justification: user security hole
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, the following vulnerabilities were published for asterisk. CVE-2012-5976[0]: Crashes due to large stack allocations when using TCP CVE-2012-5977[1]: Denial of Service Through Exploitation of Device State Caching If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] http://security-tracker.debian.org/tracker/CVE-2012-5976 [1] http://security-tracker.debian.org/tracker/CVE-2012-5977 Please adjust the affected versions in the BTS as needed. According to the advisories all 1.8.x versions seems affected. Regards, Salvatore -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJQ5K0XAAoJEHidbwV/2GP+4kMQAL2fplVcLBKGn0a03HlCWMdm Dc0uLrlaSG/YG5jCGOLwyNiNrL/+h1Y1Ld2AaHLInEvoHPTUO4GGTTkdUFWmMxpP C8EyihsbG/bCYykimfLXBBp+4ndRvXY5akxGRVDLve06uy3NPlerqo6kbslBADgX BSNRmYOE4J+Zpue2TkcmQSpeFeyClzFYA7viKJP7xXa9OqTCaC+yHRIQqxLOhQl6 9YiHuxaO0IbmeZmrbbrRzuO3qbM1QpRbvkL0Am2IOl4zcYzQGUd7FtbgadtPOL9k qTwDM2xXNG/3HzbxInX0DnJoIl4tVxpMteNZBUzRrof3dvh7CU2d0Ql5k6GDAyau r/yrA9SftFD7JZADQPmAT5LonwXplFvLE8AMBDaegeirrSbNayQVbxp4l5rxBpN7 4esfQrWJs0ecmPPCoHoST4uZgelFev7UHWpCE2spOVpBwxBkcDLm1Hl3w0r9WYlk 4ek+XlLPw/Rkhy/75jEBb/k73DTwXSwPX49jedOR1ysic9ADqu3SuYOVrX28/sCr ZS6V1L5W2kkqETCrgl55jGqG8rJq2QsEMIzJ17HyIdpxe9IVdLzhSzf8yFUo2puG O1fcqpUHK6uo4Jz8dcd1GnzsJzn/bU9FjczO6SzRMeyQt1fJZlssbQBtxSTuLgYm MHbhYUTKLs372+Yr1/S5 =dP/T -----END PGP SIGNATURE----- _______________________________________________ Secure-testing-team mailing list Secure-testing-team@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
