Bug#454155: asterisk: SQL Injection issue in res_config_pgsql/cdr_pgsql (AST-2007-025/AST-2007-026)

Teodor mteodor at Gmail.com
Mon Dec 3 15:00:41 UTC 2007 

Package: asterisk
Version: 1:1.4.13~dfsg-1
Severity: important


The asterisk team has fixed two security updates:
  AST-2007-025 - SQL Injection issue in res_config_pgsql
  AST-2007-026 - SQL Injection issue in cdr_pgsql

These issues were fixed in the latest release (1.4.15). Please upgrade
the package to this version.

Thanks


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-3-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages asterisk depends on:
ii  adduser               3.105              add and remove users and groups
ii  asterisk-config       1:1.4.13~dfsg-1    Configuration files for Asterisk
ii  asterisk-sounds-main  1:1.4.13~dfsg-1    Core Sound files for Asterisk (Eng
ii  libasound2            1.0.15-2           ALSA library
ii  libc-client2006j2     7:2006j2.dfsg-3    UW c-client library for mail proto
ii  libc6                 2.7-3              GNU C Library: Shared libraries
ii  libcap1               1:1.10-14          support for getting/setting POSIX.
ii  libct3                0.63-3.2           libraries for connecting to MS SQL
ii  libcurl3              7.17.1-1           Multi-protocol file transfer libra
ii  libgcc1               1:4.2.2-4          GCC support library
ii  libgsm1               1.0.12-1           Shared libraries for GSM speech co
ii  libiksemel3           1.2-3              C library for the Jabber IM platfo
ii  libkrb53              1.6.dfsg.3~beta1-2 MIT Kerberos runtime libraries
ii  libncurses5           5.6+20071124-1     Shared libraries for terminal hand
ii  libnewt0.52           0.52.2-11.1        Not Erik's Windowing Toolkit - tex
ii  libogg0               1.1.3-2            Ogg Bitstream Library
ii  libpopt0              1.10-3             lib for parsing cmdline parameters
ii  libpq5                8.2.5-3            PostgreSQL C client library
ii  libpri1.0             1.4.2-1            Primary Rate ISDN specification li
ii  libradiusclient-ng2   0.5.5-1            Enhanced RADIUS client library
ii  libsnmp15             5.4.1~dfsg-4       SNMP (Simple Network Management Pr
ii  libspeex1             1.1.12-3           The Speex Speech Codec
ii  libsqlite0            2.8.17-4           SQLite shared library
ii  libssl0.9.8           0.9.8g-3           SSL shared libraries
ii  libstdc++6            4.2.2-4            The GNU Standard C++ Library v3
ii  libtonezone1          1:1.4.5.1~dfsg-2   tonezone library (runtime)
ii  libvorbis0a           1.2.0.dfsg-2       The Vorbis General Audio Compressi
ii  libvorbisenc2         1.2.0.dfsg-2       The Vorbis General Audio Compressi
ii  unixodbc              2.2.11-16          ODBC tools libraries
ii  zlib1g                1:1.2.3.3.dfsg-7   compression library - runtime

asterisk recommends no packages.

-- no debconf information

More information about the Pkg-voip-maintainers mailing list