Bug#697230: asterisk: Two security issues: AST-2012-014 / AST-2012-015
Salvatore Bonaccorso
carnil at debian.org
Sun Mar 24 06:56:24 UTC 2013
Hi
On Sat, Mar 09, 2013 at 07:20:44PM +0100, Salvatore Bonaccorso wrote:
> Hi Tzafrir!
>
> Are there news on this?
>
> I have noticed that in the svn repository for asterisk there is
> already:
>
> asterisk (1:1.8.13.1~dfsg-2) unstable; urgency=high
>
> * Patches backported from Asterisk 1.8.19.1 (Closes: #697230):
> - Patch AST-2012-014 (CVE-2012-5976) - fixes Crashes due to large stack
> allocations when using TCP.
> The following two fixes were also pulled in order to easily apply it:
> - Patch fix-sip-tcp-no-FILE - Switch to reading with a recv loop
> - Patch fix-sip-tls-leak - Memory leak in the SIP TLS code
> - Patch AST-2012-015 (CVE-2012-5977) - Denial of Service Through
> Exploitation of Device State Caching
>
> -- Tzafrir Cohen <tzafrir at debian.org> Tue, 08 Jan 2013 00:06:09 +0200
>
> Could you have a look if there is only the upload missing?
Ping? I'm asking again as the release of wheezy is getting nearer.
Regards,
Salvatore
More information about the Pkg-voip-maintainers
mailing list