Your message dated Fri, 01 Jul 2022 17:02:07 +0000 with message-id <e1o7k1v-000cpp...@fasolo.debian.org> and subject line Bug#991931: fixed in asterisk 1:16.16.1~dfsg-1+deb11u1 has caused the Debian Bug report #991931, regarding CVE-2021-32686 / AST-2021-009: pjproject/pjsip: crash when SSL socket destroyed during handshake to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 991931: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991931 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: src:asterisk Severity: serious Tags: security upstream patch https://downloads.asterisk.org/pub/security/AST-2021-009.html Summary: pjproject/pjsip: crash when SSL socket destroyed during handshake Nature of Advisory: Denial of service Susceptibility: Remote unauthenticated sessions Severity: Major Exploits Known: Yes Description | Depending on the timing, it’s possible for Asterisk to crash when using a TLS | connection if the underlying socket parent/listener gets destroyed during the | handshake.
--- End Message ---
--- Begin Message ---Source: asterisk Source-Version: 1:16.16.1~dfsg-1+deb11u1 Done: Bernhard Schmidt <be...@debian.org> We believe that the bug you reported is fixed in the latest version of asterisk, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 991...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bernhard Schmidt <be...@debian.org> (supplier of updated asterisk package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 09 Aug 2021 08:48:31 +0200 Source: asterisk Architecture: source Version: 1:16.16.1~dfsg-1+deb11u1 Distribution: bullseye-security Urgency: medium Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org> Changed-By: Bernhard Schmidt <be...@debian.org> Closes: 991710 991931 Changes: asterisk (1:16.16.1~dfsg-1+deb11u1) bullseye-security; urgency=medium . * CVE-2021-32558 / AST-2021-008 (Closes: #991710) If the IAX2 channel driver receives a packet that contains an unsupported media format it can cause a crash to occur in Asterisk * CVE-2021-32686 / AST-2021-009 (Closes: #991931) pjproject/pjsip: crash when SSL socket destroyed during handshake * d/gbp.conf for Bullseye branch Checksums-Sha1: 084c8ebf5f267ac172504bebbd7648f4cfecc1d3 4233 asterisk_16.16.1~dfsg-1+deb11u1.dsc f0b46a4eabe561df5c690f73862746fa01d67739 7055724 asterisk_16.16.1~dfsg.orig.tar.xz 5ac73590577b4821d18dd3515e7522f09199d316 5953420 asterisk_16.16.1~dfsg-1+deb11u1.debian.tar.xz 19ba4db88523dbc91f4b20d23f50e056ec6a0d95 27939 asterisk_16.16.1~dfsg-1+deb11u1_amd64.buildinfo Checksums-Sha256: ad664a54385066c5032e2fe29e7113922d0c8b68a9251169f1703edea90eb09e 4233 asterisk_16.16.1~dfsg-1+deb11u1.dsc 42268f21025a0fab9288f616951609f8b10118fb63e35fae80e7d110eb5dda6e 7055724 asterisk_16.16.1~dfsg.orig.tar.xz 25eac97078e99ce9dc345da75639d5e9bb5cc0b9c9a50dd447e45c246491a70a 5953420 asterisk_16.16.1~dfsg-1+deb11u1.debian.tar.xz 071bb9c82ca6552570066d273e028738ea4ee73d4b26805e782da42326a4aca5 27939 asterisk_16.16.1~dfsg-1+deb11u1_amd64.buildinfo Files: 37c0ba19cc3012535930dc4d4e52014d 4233 comm optional asterisk_16.16.1~dfsg-1+deb11u1.dsc ad421903a111f0a43e25d64b7aadc2e9 7055724 comm optional asterisk_16.16.1~dfsg.orig.tar.xz 4647ac3e939cfed2fea75b27139d9467 5953420 comm optional asterisk_16.16.1~dfsg-1+deb11u1.debian.tar.xz db5b862051a9cfecfc678a47857905d4 27939 comm optional asterisk_16.16.1~dfsg-1+deb11u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAmEj9QIRHGJlcm5pQGRl Ymlhbi5vcmcACgkQd1B55bhQvJNMYA/7BHIp5g+qySH2kMQlHf91aowKnwXN7oq1 Wh/+5eOMe0Y5t/gqeFY/PvcyXzquTNMdStW5OkDyfVqp4ddXZZJqUnc+dKwvez8F t/3twBYH/grscLhHQlPWs9LvzfgIPZJJmP7rYKVjJxRxkWeKNpwoNhbohYMITjpJ bhpnb+KwjurCUUwNberFc9epKxClXaav+1ZqK+GEFwMsgG88REdOtaPzIUB/WoF7 CpQMTuUtJgtYO0Up4x7W1g+ebUF6dAkBr4N+CvctF8Tktbfv1z9inYQvfzGfw6P1 Dtj3qlvtT6kuZqYtwjMZGdoRF8ISm4ZY+sEQ1EqLI2s59FoIqmG35V93cohh0bkx AW9enPTwJr4Hvk6His0ca3eJScf1j7nmS5c3K2fCcCwZawABxmRjD77dNQYuqHm+ PnGuxRq9d32eUsCXo7dqYbJIHIhsME2PCByTfhKy0hDTkPevhctPNwm31MVRUi95 dMUAN68cAZSPKSjYITwfIl8fXLPjRWaWy8s7nF4rT6YrZH2Sqh8DwnuBAVXxF4al BlICuiZElqjJCJh4AJCtkzY/eZXVk42GeB0uzdAnI/sEmMQSSYdPQSXmiLOX6ma6 XG167nXt8ur0QydAOwnctrJNqOK8iRnjtRuJ3pp3cH/DNEprbsmAqdNFuBJsvXKP XY8PySJhArk= =KE0K -----END PGP SIGNATURE-----
--- End Message ---
