Bug#721220: marked as done (asterisk: CVE-2013-5641 CVE-2013-5642)
Your message dated Mon, 30 Sep 2013 19:19:17 +
with message-id e1vqj01-0005dt...@franck.debian.org
and subject line Bug#721220: fixed in asterisk 1:11.5.1~dfsg-1
has caused the Debian Bug report #721220,
regarding asterisk: CVE-2013-5641 CVE-2013-5642
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
721220: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721220
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Package: asterisk
Severity: grave
Tags: security
Justification: user security hole

Please see
http://downloads.asterisk.org/pub/security/AST-2013-004.html and
http://downloads.asterisk.org/pub/security/AST-2013-005.html

These affect oldstable and stable. Can you please prepare updates for
stable-security?

Cheers,
Moritz
---End Message---
---BeginMessage---
Source: asterisk
Source-Version: 1:11.5.1~dfsg-1

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 721...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tzafrir Cohen tzaf...@debian.org (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Mon, 30 Sep 2013 21:28:22 +0300
Source: asterisk
Binary: asterisk asterisk-modules asterisk-dahdi asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh323 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-doc asterisk-dev asterisk-dbg asterisk-config
Architecture: source amd64 all
Version: 1:11.5.1~dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Debian VoIP Team pkg-voip-maintain...@lists.alioth.debian.org
Changed-By: Tzafrir Cohen tzaf...@debian.org
Description:
 asterisk - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dahdi - DAHDI devices support for the Asterisk PBX
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-mobile - Bluetooth phone support for the Asterisk PBX
 asterisk-modules - loadable modules for the Asterisk PBX
 asterisk-mp3 - MP3 playback support for the Asterisk PBX
 asterisk-mysql - MySQL database protocol support for the Asterisk PBX
 asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c
 asterisk-voicemail - simple voicemail support for the Asterisk PBX
 asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
 asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
Closes: 545272 701505 710557 721220
Changes:
 asterisk (1:11.5.1~dfsg-1) unstable; urgency=low
 .
 [ Faidon Liambotis ]
 * New major upstream release.
   - Drop patch kfreebsd, fixed upstream.
   - Drop patch httpd_port.
   - Drop patch menuselect_cflags, merged upstream.
   - Drop patch bluetooth_bind, merged upstream.
   - Replace libopenais-dev with corosync-dev, res_corosync replaces res_ais.
   - Fixes CVE-2013-5641, CVE-2013-5642 (Closes: #721220).
   - Patch fix_xmpp_19532 also included (Closes: #545272).
   - Patch powerpcspe also included (Closes: #701505).
   - Fixes incorrect sip causes issue (Closes: #710557).
   - Patch powerpcspe also included (Closes: #701505).
   - Patches merged upstream: AST-2012-012, AST-2012-013, AST-2012-014,
     AST-2012-015, AST-2013-002, AST-2013-003
 * Do not ship the removed-but-reincluded docs, they're outdated by now.
   Upstream wants their Wiki to be the primary Asterisk documentation place.
 * Ship UPGRADE-{10,1.8,1.4,1.2}.txt in asterisk-doc.
 * Do not ship app_meetme.so and app_dahdibarge.so, deprecated by upstream.
   - Also remove them from asterisk-dahdi's full description.
 * Remove ASTSAFE_CONSOLE and ASTSAFE_TTY from asterisk.default, they aren't
   being unused for a while now.
 .
 [ Tzafrir Cohen ]
 * Patch undeprecate: undeprecate meetme.
 * increased compat level for debian/clean.
 * Disable hardening for now.
 * Convert rules to dh.
   - Patch astdatadir: set datadir in /usr/share/asterisk
Bug#721220: marked as done (asterisk: CVE-2013-5641 CVE-2013-5642)
Your message dated Wed, 04 Sep 2013 22:02:33 +
with message-id e1vhl9l-0007ft...@franck.debian.org
and subject line Bug#721220: fixed in asterisk 1:1.6.2.9-2+squeeze11
has caused the Debian Bug report #721220,
regarding asterisk: CVE-2013-5641 CVE-2013-5642
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
721220: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721220
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Package: asterisk
Severity: grave
Tags: security
Justification: user security hole

Please see
http://downloads.asterisk.org/pub/security/AST-2013-004.html and
http://downloads.asterisk.org/pub/security/AST-2013-005.html

These affect oldstable and stable. Can you please prepare updates for
stable-security?

Cheers,
Moritz
---End Message---
---BeginMessage---
Source: asterisk
Source-Version: 1:1.6.2.9-2+squeeze11

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 721...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tzafrir Cohen tzaf...@debian.org (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Thu, 29 Aug 2013 21:31:43 +0300
Source: asterisk
Binary: asterisk asterisk-h323 asterisk-doc asterisk-dev asterisk-dbg asterisk-sounds-main asterisk-config
Architecture: source all amd64
Version: 1:1.6.2.9-2+squeeze11
Distribution: oldstable-security
Urgency: high
Maintainer: Debian VoIP Team pkg-voip-maintain...@lists.alioth.debian.org
Changed-By: Tzafrir Cohen tzaf...@debian.org
Description:
 asterisk - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-h323 - H.323 protocol support for Asterisk
 asterisk-sounds-main - Core Sound files for Asterisk (English)
Closes: 721220
Changes:
 asterisk (1:1.6.2.9-2+squeeze11) oldstable-security; urgency=high
 .
 * Patch AST-2013-004 (CVE-2013-5641): chan_sip: crash in ACK to SDP
 * Patch AST-2013-005 (CVE-2013-5642): Fix crash caused by invalid SDP
   (Closes: #721220).
 * Update VCS links.