Package: asterisk Version: 1:1.6.2.9-2+squeeze2 Justification: user security hole Severity: grave Tags: security upstream patch
Rapidly opening and closing TCP connections to services using the ast_tcptls_* API (primarily chan_sip, manager, and res_phoneprov) can cause Asterisk to crash after dereferencing a NULL pointer. TCP-TLS code was did not exist yet in the oldstable (Lenny) version of Asterisk. It is not used in the default configuration. But may be quite common in many configurations. -- Tzafrir Cohen | [email protected] | VIM is http://tzafrir.org.il | | a Mutt's [email protected] | | best [email protected] | | friend -- Tzafrir Cohen | [email protected] | VIM is http://tzafrir.org.il | | a Mutt's [email protected] | | best [email protected] | | friend -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
