Bug#610487: asterisk: AST-2011-001: buffer overflow in caller ID URI encoding

Adam D. Barratt adam at adam-barratt.org.uk
Wed Jan 19 13:31:46 UTC 2011


user release.debian.org at packages.debian.org
tag 610487 + squeeze-ignore
usertag 610487 + squeeze-can-defer
thanks

On Tue, January 18, 2011 23:36, Tzafrir Cohen wrote:
> The Asterisk project has reported security advisory ASA-2011-011
> http://downloads.asterisk.org/pub/security/AST-2011-001.html
> (No CVE ATM)
>
> "When forming an outgoing SIP request while in pedantic mode, a stack
> buffer can be made to overflow if supplied with carefully crafted caller
> ID information."

This can be fixed for squeeze after the release if necessary; marking as
not a blocker.

Regards,

Adam

More information about the Pkg-voip-maintainers mailing list