[Bug 705014] Re: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information
** Changed in: asterisk (Debian) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/705014 Title: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 705014] Re: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information
** Branch linked: lp:ubuntu/lucid-security/asterisk ** Branch linked: lp:ubuntu/maverick-security/asterisk -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/705014 Title: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 705014] Re: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information
This bug was fixed in the package asterisk - 1:1.6.2.5-0ubuntu1.3 --- asterisk (1:1.6.2.5-0ubuntu1.3) lucid-security; urgency=low * SECURITY UPDATE: Stack buffer overflow in SIP channel driver. (LP: #705014) - debian/patches/AST-2011-001-1.6.2: The size of the output buffer passed to the ast_uri_encode function is now properly respected in main/utils.c. Patch courtesy of upstream. - CVE-2011-0495 -- Dave Walker (Daviey)Thu, 20 Jan 2011 23:31:55 + -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/705014 Title: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 705014] Re: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information
This bug was fixed in the package asterisk - 1:1.6.2.7-1ubuntu1.1 --- asterisk (1:1.6.2.7-1ubuntu1.1) maverick-security; urgency=low * SECURITY UPDATE: Stack buffer overflow in SIP channel driver. (LP: #705014) - debian/patches/AST-2011-001-1.6.2: The size of the output buffer passed to the ast_uri_encode function is now properly respected in main/utils.c. Patch courtesy of upstream. - CVE-2011-0495 -- Dave Walker (Daviey)Thu, 20 Jan 2011 23:36:57 + ** Changed in: asterisk (Ubuntu Maverick) Status: Fix Committed => Fix Released ** Changed in: asterisk (Ubuntu Lucid) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/705014 Title: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 705014] Re: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information
** Branch linked: lp:ubuntu/asterisk -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/705014 Title: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 705014] Re: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information
Uploaded lucid/1:1.6.2.5-0ubuntu1.3 to the security PPA. ** Changed in: asterisk (Ubuntu Lucid) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/705014 Title: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 705014] Re: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information
Uploaded maverick/1:1.6.2.7-1ubuntu1.1 to the security PPA. ** Changed in: asterisk (Ubuntu Maverick) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/705014 Title: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 705014] Re: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information
** Changed in: asterisk (Ubuntu Hardy) Status: Confirmed => Triaged ** Changed in: asterisk (Ubuntu Karmic) Status: Confirmed => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/705014 Title: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 705014] Re: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information
This bug was fixed in the package asterisk - 1:1.6.2.9-2ubuntu2 --- asterisk (1:1.6.2.9-2ubuntu2) natty; urgency=low * SECURITY UPDATE: Stack buffer overflow in SIP channel driver. (LP: #705014) - debian/patches/AST-2011-001-1.6.2: The size of the output buffer passed to the ast_uri_encode function is now properly respected in main/utils.c. Patch courtesy of upstream. - CVE-2011-0495 -- Dave Walker (Daviey)Thu, 20 Jan 2011 21:19:46 + ** Changed in: asterisk (Ubuntu Natty) Status: Confirmed => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-0495 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/705014 Title: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 705014] Re: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information
Dapper is EOL for everything except a subset of main and restricted packages right now, so I am going to decline the Dapper task unless someone wants to provide a patch and the testing. ** Also affects: asterisk (Ubuntu Natty) Importance: Undecided Status: Confirmed ** Also affects: asterisk (Ubuntu Maverick) Importance: Undecided Status: New ** Also affects: asterisk (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: asterisk (Ubuntu Karmic) Importance: Undecided Status: New ** Also affects: asterisk (Ubuntu Hardy) Importance: Undecided Status: New ** Changed in: asterisk (Ubuntu Lucid) Status: New => Confirmed ** Changed in: asterisk (Ubuntu Lucid) Importance: Undecided => Medium ** Changed in: asterisk (Ubuntu Maverick) Status: New => Confirmed ** Changed in: asterisk (Ubuntu Maverick) Importance: Undecided => Medium ** Changed in: asterisk (Ubuntu Natty) Importance: Undecided => Medium ** Changed in: asterisk (Ubuntu Hardy) Status: New => Confirmed ** Changed in: asterisk (Ubuntu Hardy) Importance: Undecided => Medium ** Changed in: asterisk (Ubuntu Karmic) Status: New => Confirmed ** Changed in: asterisk (Ubuntu Karmic) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/705014 Title: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 705014] Re: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information
Hi Paul, It's probably better to join freenode IRC, #ubuntu-devel, or #ubuntu- motu. My IRC nick is Daviey, i am happy to help. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/705014 Title: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 705014] Re: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information
** Changed in: asterisk (Debian) Status: Unknown => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/705014 Title: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 705014] Re: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information
Slightly on topic, do you mind outputting the bzr commands you used to branch from lp:ubuntu/asterisk to lp:~davewalker/ubuntu/natty/asterisk/lp_705014? I started work patches this morning, but got bogged down in bzr. Additionally, it don't look like we have an up-to-date branch for asterisk packages using bzr-buildpackage, unless I'm missing something. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/705014 Title: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 705014] Re: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information
** Branch linked: lp:~davewalker/ubuntu/lucid/asterisk/lp_705014 ** Branch linked: lp:~davewalker/ubuntu/maverick/asterisk/lp_705014 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/705014 Title: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 705014] Re: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information
** Branch linked: lp:~davewalker/ubuntu/natty/asterisk/lp_705014 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/705014 Title: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 705014] Re: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information
** Changed in: asterisk (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/705014 Title: CVE-2011-0495: AST-2011-001: Asterisk: Stack based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs