This bug was fixed in the package asterisk - 1:1.8.13.1~dfsg-1ubuntu1 --------------- asterisk (1:1.8.13.1~dfsg-1ubuntu1) quantal; urgency=low
* Merge from Debian unstable. (LP: #1022360, CVE-2012-3812) Remaining changes: - debian/asterisk.init: chown /dev/dahdi - Fix building on armhf with debian/patches/armhf-fixes: + Flatten linux-gnueabihf in configure to linux-gnu, in the same way that's already done for linux-gnueabi asterisk (1:1.8.13.1~dfsg-1) unstable; urgency=low * New upstream release (Closes: #680470): - Fixes AST-2012-010 (CVE-2012-3863). - Fixes AST-2012-011 (CVE-2012-38612). * Patch AST-2012-012 (CVE-2012-2186): AMI User Shell Access with ExternalIVR * Patch AST-2012-012 (CVE-2012-4737): ACL rules ignored during calls by some IAX2 peers. -- Julian Taylor <jtay...@ubuntu.com> Sat, 08 Sep 2012 12:38:06 +0200 ** Changed in: asterisk (Ubuntu) Status: Triaged => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2186 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-3861 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-4737 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to asterisk in Ubuntu. https://bugs.launchpad.net/bugs/1022360 Title: (CVE-2012-3812) CVE-2012-3812 asterisk: Remote crash vulnerability in voice mail application (CVE-2012-3863) CVE-2012-3863 asterisk: Possible resource leak on uncompleted re-invite transactions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/1022360/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs