Bug#419820: Asterisk security bugs

Faidon Liambotis paravoid at debian.org
Mon Aug 27 10:01:39 UTC 2007


# ASA-2007-016, CVE-2007-3764
close 376767 1:1.2.13~dfsg-2etch1

# ASA-2007-011, CVE-2007-1594, CVE-2007-2297
close 419820 1:1.2.13~dfsg-2etch1
found 419820 1:1.0.7.dfsg.1-2
fixed 419820 1:1.0.7.dfsg.1-2sarge5

# CVE-2007-1306
close 419370 1:1.2.13~dfsg-2etch1
thanks

All of the known Asterisk security vulnerabilities (CVE-2007-1306,
CVE-2007-1561, CVE-2007-2294, CVE-2007-2297, CVE-2007-2488,
CVE-2007-3762, CVE-2007-3763 and CVE-2007-3764) are fixed in
1:1.2.13~dfsg-2etch1 for stable (etch), 1:1.0.7.dfsg.1-2sarge5 for
oldstable (sarge) and 1:1.4.11~dfsg.1 for unstable (sid).
Current testing (lenny) is still vulnerable, but this is the least of
its problems.
We are hoping to migrate the unstable version soon enough.

The relevant Debian Security Advisory is DSA 1358-1.

Regards,
Faidon




More information about the Pkg-voip-maintainers mailing list