Bug#389252: twinkle: PRACK messages should be authenticated

Mikael Magnusson mikma at users.sourceforge.net
Sun Sep 24 18:40:58 UTC 2006

Package: twinkle
Version: 1:0.8.1-1
Severity: normal

Twinkle fails to respond to Proxy-Authentication challenges of PRACK

According to RFC 3262:

9 Security Considerations

   The PRACK request can be injected by attackers to force
   retransmissions of reliable provisional responses to cease.  As these
   responses can convey important information, PRACK messages SHOULD be
   authenticated as any other request.  Authentication procedures are
   specified in RFC 3261.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (750, 'testing'), (671, 'stable'), (500, 'testing'), (30, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11-vserver-k7
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)

Versions of packages twinkle depends on:
ii  kdelibs4c2a                4:3.5.4-3     core libraries and binaries for al
ii  libasound2                 1.0.12-1      ALSA library
ii  libboost-regex1.33.1       1.33.1-4      regular expression library for C++
ii  libc6                      2.3.6.ds1-4   GNU C Library: Shared libraries
ii  libccrtp1-1.4-0            1.4.1-2       Common C++ class framework for RTP
ii  libcommoncpp2-1.4-0        1.4.3-1       A GNU package for creating portabl
ii  libgcc1                    1:4.1.1-13    GCC support library
ii  libgsm1                    1.0.10-13     Shared libraries for GSM speech co
ii  libqt3-mt                  3:3.3.6-4     Qt GUI Library (Threaded runtime v
ii  libsndfile1                1.0.16-1      Library for reading/writing audio 
ii  libspeex1                  1.1.12-2      The Speex Speech Codec
ii  libstdc++6                 4.1.1-13      The GNU Standard C++ Library v3
ii  libx11-6                   2:1.0.0-8     X11 client-side library
ii  libxext6                   1:1.0.1-2     X11 miscellaneous extension librar
ii  libxml2                    2.6.26.dfsg-3 GNOME XML library
ii  zlib1g                     1:1.2.3-13    compression library - runtime

twinkle recommends no packages.

-- no debconf information

More information about the Pkg-voip-maintainers mailing list