[Debian RT] Asterisk: 3-way handshake in IAX2 incomplete (AST-2008-006, CVE-2008-1897)
Faidon Liambotis
paravoid at debian.org
Sat Apr 26 21:09:09 UTC 2008
Hi,
New asterisk versions were recently released to include a security fix.
The vulnerability[1] is characterized "Critical" by upstream and an
exploit is already in the wild.
unstable was fixed with version 1:1.4.19.1~dfsg-1.
We have prepared 1:1.2.13~dfsg-2etch4 to fix etch and I'm requesting
permission to upload ASAP.
I'm attaching the debdiff.
Regards,
Faidon
1: http://downloads.digium.com/pub/security/AST-2008-006.html
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: asterisk-2etch4.diff
Url: http://lists.alioth.debian.org/pipermail/pkg-voip-maintainers/attachments/20080427/ab567bda/attachment-0001.txt
More information about the Pkg-voip-maintainers
mailing list