Bug#721220: asterisk: CVE-2013-5641 CVE-2013-5642

Tzafrir Cohen tzafrir.cohen at xorcom.com
Fri Aug 30 07:41:26 UTC 2013


On Thu, Aug 29, 2013 at 07:30:06PM +0300, Tzafrir Cohen wrote:
> On Thu, Aug 29, 2013 at 10:20:53AM +0200, Moritz Muehlenhoff wrote:
> > Package: asterisk
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> > 
> > Please see http://downloads.asterisk.org/pub/security/AST-2013-004.html and
> > http://downloads.asterisk.org/pub/security/AST-2013-005.html
> > 
> > These affect oldstable and stable. Can you please prepare updates for
> > stable-security?
> 
> I've uploaded the fixes to the new git repo, branches wheezy and
> squeeze. See http://anonscm.debian.org/gitweb/?p=pkg-voip/asterisk.git
> which right now gives me "503 - The load average on the server is too
> high".

Uploaded to Wheezy. Still waiting a bit with the Squeeze upload in hope
of the promised feedback. Will upload if there is none.

I prepared an upload to Unstable, but it is currently uninstallable due
to the dependency on libsnmp30 (depends on libperl5.14, but libperl5.18
is in the system). I didn't see any open bug about this, but I guess
this is part of the perl transition.

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com


