Bug#697230: asterisk: Two security issues: AST-2012-014 / AST-2012-015
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Mon Jan 7 21:11:14 UTC 2013
On Wed, Jan 02, 2013 at 10:56:43PM +0100, Salvatore Bonaccorso wrote:
> Package: asterisk
> Severity: grave
> Tags: security
> Justification: user security hole
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hi,
>
> the following vulnerabilities were published for asterisk.
>
> CVE-2012-5976[0]:
> Crashes due to large stack allocations when using TCP
>
> CVE-2012-5977[1]:
> Denial of Service Through Exploitation of Device State Caching
Both apply to th stable vrsion as well. I commited fixes to th SVN.
Working on building them.
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
More information about the Pkg-voip-maintainers
mailing list