Bug#419820: CVE-2007-1594: Asterisk segfaults upon receipt of a
certain SIP packet (SIP Response code 0)
Florian Weimer
fw at deneb.enyo.de
Wed Apr 18 20:33:25 UTC 2007
* Frédéric Brière:
> My apologies to the security team if I'm babbling nonsense, but
> security-tracker shows CVE-2007-1594 as being fixed in etch's
> 1:1.2.13~dfsg-2, while the CVE claims this was only fixed in 1.2.17.
> Is this normal?
No. 8-) At the bottom of the page, there is a table that lists the raw
data.
| The information above is based on the following data on fixed versions.
|
| Package   Type    Release     Fixed Version    Urgency  Origin  Debian Bugs
| asterisk  source  (unstable)  1:1.4.2~dfsg-1   medium           419820
| asterisk  source  sarge       (not affected)
In this case, we forgot to include the epoch "1:" in the version
number, so the 1.2 version was wrongly marked as fixed.
Thanks for reporting this, and sorry to the Asterisk folks for
cluttering their bug report.