Bug#697230: asterisk: Two security issues: AST-2012-014 / AST-2012-015
Salvatore Bonaccorso
carnil at debian.org
Wed Jan 2 21:56:43 UTC 2013
Package: asterisk
Severity: grave
Tags: security
Justification: user security hole
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
the following vulnerabilities were published for asterisk.
CVE-2012-5976[0]:
Crashes due to large stack allocations when using TCP
CVE-2012-5977[1]:
Denial of Service Through Exploitation of Device State Caching
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] http://security-tracker.debian.org/tracker/CVE-2012-5976
[1] http://security-tracker.debian.org/tracker/CVE-2012-5977
Please adjust the affected versions in the BTS as needed.
According to the advisories all 1.8.x versions seems affected.
Regards,
Salvatore
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCgAGBQJQ5K0XAAoJEHidbwV/2GP+4kMQAL2fplVcLBKGn0a03HlCWMdm
Dc0uLrlaSG/YG5jCGOLwyNiNrL/+h1Y1Ld2AaHLInEvoHPTUO4GGTTkdUFWmMxpP
C8EyihsbG/bCYykimfLXBBp+4ndRvXY5akxGRVDLve06uy3NPlerqo6kbslBADgX
BSNRmYOE4J+Zpue2TkcmQSpeFeyClzFYA7viKJP7xXa9OqTCaC+yHRIQqxLOhQl6
9YiHuxaO0IbmeZmrbbrRzuO3qbM1QpRbvkL0Am2IOl4zcYzQGUd7FtbgadtPOL9k
qTwDM2xXNG/3HzbxInX0DnJoIl4tVxpMteNZBUzRrof3dvh7CU2d0Ql5k6GDAyau
r/yrA9SftFD7JZADQPmAT5LonwXplFvLE8AMBDaegeirrSbNayQVbxp4l5rxBpN7
4esfQrWJs0ecmPPCoHoST4uZgelFev7UHWpCE2spOVpBwxBkcDLm1Hl3w0r9WYlk
4ek+XlLPw/Rkhy/75jEBb/k73DTwXSwPX49jedOR1ysic9ADqu3SuYOVrX28/sCr
ZS6V1L5W2kkqETCrgl55jGqG8rJq2QsEMIzJ17HyIdpxe9IVdLzhSzf8yFUo2puG
O1fcqpUHK6uo4Jz8dcd1GnzsJzn/bU9FjczO6SzRMeyQt1fJZlssbQBtxSTuLgYm
MHbhYUTKLs372+Yr1/S5
=dP/T
-----END PGP SIGNATURE-----
More information about the Pkg-voip-maintainers
mailing list