Bug#721220: marked as done (asterisk: CVE-2013-5641 CVE-2013-5642)

2013-09-30 Thread Debian Bug Tracking System
Your message dated Mon, 30 Sep 2013 19:19:17 +
with message-id e1vqj01-0005dt...@franck.debian.org
and subject line Bug#721220: fixed in asterisk 1:11.5.1~dfsg-1
has caused the Debian Bug report #721220,
regarding asterisk: CVE-2013-5641 CVE-2013-5642
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
721220: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721220
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: asterisk
Severity: grave
Tags: security
Justification: user security hole

Please see http://downloads.asterisk.org/pub/security/AST-2013-004.html and
http://downloads.asterisk.org/pub/security/AST-2013-005.html

These affect oldstable and stable. Can you please prepare updates for
stable-security?

Cheers,
Moritz
---End Message---
---BeginMessage---
Source: asterisk
Source-Version: 1:11.5.1~dfsg-1

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 721...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tzafrir Cohen tzaf...@debian.org (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Mon, 30 Sep 2013 21:28:22 +0300
Source: asterisk
Binary: asterisk asterisk-modules asterisk-dahdi asterisk-voicemail
 asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh323
 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-doc asterisk-dev
 asterisk-dbg asterisk-config
Architecture: source amd64 all
Version: 1:11.5.1~dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Debian VoIP Team pkg-voip-maintain...@lists.alioth.debian.org
Changed-By: Tzafrir Cohen tzaf...@debian.org
Description: 
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dahdi - DAHDI devices support for the Asterisk PBX
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-mobile - Bluetooth phone support for the Asterisk PBX
 asterisk-modules - loadable modules for the Asterisk PBX
 asterisk-mp3 - MP3 playback support for the Asterisk PBX
 asterisk-mysql - MySQL database protocol support for the Asterisk PBX
 asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c
 asterisk-voicemail - simple voicemail support for the Asterisk PBX
 asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
 asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
Closes: 545272 701505 710557 721220
Changes: 
 asterisk (1:11.5.1~dfsg-1) unstable; urgency=low
 .
   [ Faidon Liambotis ]
   * New major upstream release.
     - Drop patch kfreebsd, fixed upstream.
     - Drop patch httpd_port.
     - Drop patch menuselect_cflags, merged upstream.
     - Drop patch bluetooth_bind, merged upstream.
     - Replace libopenais-dev with corosync-dev, res_corosync replaces res_ais.
     - Fixes CVE-2013-5641, CVE-2013-5642 (Closes: #721220).
     - Patch fix_xmpp_19532 also included (Closes: #545272).
     - Patch powerpcspe also included (Closes: #701505).
     - Fixes incorrect sip causes issue (Closes: #710557).
     - Patch powerpcspe also included (Closes: #701505).
     - Patches merged upstream: AST-2012-012, AST-2012-013,
       AST-2012-014, AST-2012-015, AST-2013-002, AST-2013-003
   * Do not ship the removed-but-reincluded docs, they're outdated by now.
     Upstream wants their Wiki to be the primary Asterisk documentation place.
   * Ship UPGRADE-{10,1.8,1.4,1.2}.txt in asterisk-doc.
   * Do not ship app_meetme.so and app_dahdibarge.so, deprecated by upstream.
     - Also remove them from asterisk-dahdi's full description.
   * Remove ASTSAFE_CONSOLE and ASTSAFE_TTY from asterisk.default, they
     haven't been used for a while now.
 .
   [ Tzafrir Cohen ]
   * Patch undeprecate: undeprecate meetme.
   * increased compat level for debian/clean.
   * Disable hardening for now.
   * Convert rules to dh.
     - Patch astdatadir: set datadir in /usr/share/asterisk

Bug#721220: marked as done (asterisk: CVE-2013-5641 CVE-2013-5642)

2013-09-04 Thread Debian Bug Tracking System
Your message dated Wed, 04 Sep 2013 22:02:33 +
with message-id e1vhl9l-0007ft...@franck.debian.org
and subject line Bug#721220: fixed in asterisk 1:1.6.2.9-2+squeeze11
has caused the Debian Bug report #721220,
regarding asterisk: CVE-2013-5641 CVE-2013-5642
to be marked as done.

---BeginMessage---
Source: asterisk
Source-Version: 1:1.6.2.9-2+squeeze11


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Thu, 29 Aug 2013 21:31:43 +0300
Source: asterisk
Binary: asterisk asterisk-h323 asterisk-doc asterisk-dev asterisk-dbg
 asterisk-sounds-main asterisk-config
Architecture: source all amd64
Version: 1:1.6.2.9-2+squeeze11
Distribution: oldstable-security
Urgency: high
Maintainer: Debian VoIP Team pkg-voip-maintain...@lists.alioth.debian.org
Changed-By: Tzafrir Cohen tzaf...@debian.org
Description: 
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-h323 - H.323 protocol support for Asterisk
 asterisk-sounds-main - Core Sound files for Asterisk (English)
Closes: 721220
Changes: 
 asterisk (1:1.6.2.9-2+squeeze11) oldstable-security; urgency=high
 .
   * Patch AST-2013-004 (CVE-2013-5641): chan_sip: crash in ACK to SDP
   * Patch AST-2013-005 (CVE-2013-5642): Fix crash caused by invalid SDP
     (Closes: #721220).
   * Update VCS links.