Hi Stefan, Am Freitag, den 21.04.2006, 22:24 +0200 schrieb Stefan Fritsch: > Package: asterisk > Severity: grave > Tags: security > Justification: user security hole > > > CVE-2006-1827: > Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and > earlier allows remote attackers to execute arbitrary code via a length > value that passes a length check as a negative number, but triggers a > buffer overflow when it is used as an unsigned length. > > This is fixed in 1.2.7.
well, 1.2.7 is unlikely to hit Sarge, we'll try to include the fix http://svn.digium.com/view/asterisk/branches/1.2/formats/format_jpeg.c?r1=7221&r2=18436&diff_format=u into the sarge package and propose it to the security team as we have it ready. For SID and Etch, we have just rolled out 1.2.7.1 into unstable today which will sooner or later hit Etch and implicitly fix this. -- Best regards, Kilian
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil