Package: asterisk Version: 1:1.8.4.2-1 Severity: grave Tags: security upstream patch Justification: user security hole
A memory address was inadvertently transmitted over the network via IAX2 via an option control frame and the remote party would try to access it. This applies only to version 1.8 in Wheezy/Sid and not to the versions in Lenny and Squeeze. The advisory does apply to some newer versions of Asterisk 1.4 and 1.6.2, but not to the older versions used in Lenny and Squeeze, respectively. For more information, see http://downloads.asterisk.org/pub/security/AST-2011-010.html -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
