Bug#697230: asterisk: Two security issues: AST-2012-014 / AST-2012-015

Moritz Muehlenhoff jmm at inutil.org
Fri Mar 1 16:53:18 UTC 2013


found 697230 1:1.8.13.1~dfsg-1
thanks

On Wed, Jan 02, 2013 at 10:56:43PM +0100, Salvatore Bonaccorso wrote:
> Package: asterisk
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> Hi,
> 
> the following vulnerabilities were published for asterisk.
> 
> CVE-2012-5976[0]:
> Crashes due to large stack allocations when using TCP
> 
> CVE-2012-5977[1]:
> Denial of Service Through Exploitation of Device State Caching
> 
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
> 
> For further information see:
> 
> [0] http://security-tracker.debian.org/tracker/CVE-2012-5976
> [1] http://security-tracker.debian.org/tracker/CVE-2012-5977
> 
> Please adjust the affected versions in the BTS as needed.
> 
> According to the advisories all 1.8.x versions seem affected.

This is still unfixed in sid!

Cheers,
        Moritz


