Bug#697230: asterisk: Two security issues: AST-2012-014 / AST-2012-015
Salvatore Bonaccorso
carnil at debian.org
Sat Mar 9 18:20:44 UTC 2013
Hi Tzafrir!
Is there any news on this?
I have noticed that in the svn repository for asterisk there is
already:

asterisk (1:1.8.13.1~dfsg-2) unstable; urgency=high

  * Patches backported from Asterisk 1.8.19.1 (Closes: #697230):
    - Patch AST-2012-014 (CVE-2012-5976) - fixes Crashes due to large stack
      allocations when using TCP.
      The following two fixes were also pulled in order to easily apply it:
      - Patch fix-sip-tcp-no-FILE - Switch to reading with a recv loop
      - Patch fix-sip-tls-leak - Memory leak in the SIP TLS code
    - Patch AST-2012-015 (CVE-2012-5977) - Denial of Service Through
      Exploitation of Device State Caching

 -- Tzafrir Cohen <tzafrir at debian.org>  Tue, 08 Jan 2013 00:06:09 +0200

Could you have a look at whether only the upload is missing?
Regards,
Salvatore