Bug#552756: AST-2009-007: SIP INVITE ACL bypass
Raphael Geissert
geissert at debian.org
Tue Oct 27 19:58:35 UTC 2009
Package: asterisk
Version: 1:1.6.2.0~dfsg~rc1-1
Severity: grave
Tags: security patch
Hi,
A vulnerability has been reported in asterisk that allows a device to make
calls on networks intended to be prohibited as defined by the "deny"
and "permit" lines in sip.conf.
The original advisory can be found at:
http://downloads.asterisk.org/pub/security/AST-2009-007.html
And the patch at:
http://downloads.asterisk.org/pub/security/AST-2009-007-1.6.1.diff.txt
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry, whenever one is assigned.
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
More information about the Pkg-voip-maintainers
mailing list