This issue was resolved and addressed in
GLSA 201209-15 at http://security.gentoo.org/glsa/glsa-201209-15.xml
by GLSA coordinator Sean Amoss (ackle).
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to asterisk in Ubuntu.
https://bugs.laun
CVE-2012-3867 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3867):
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x
before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly
restrict the characters in the Common Name field of a Certificate Signing
Request
CVE-2012-3863 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3863):
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x
before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified
Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones
10.x.x-
CVE-2012-3812 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3812):
Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source
1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk
1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones
10.x.x-digiumphones befor